COI Report – Part VII
Page
413 of
425 alone would not be adequate to ensure that the CERT fulfils its potential as the guardian of an organisation’s IT assets. It is crucial that training and theoretical knowledge is made real and ingrained in the CERT members through the conduct of regular practical exercises. As CE,
CSA said “CSA recommends that IHiS should conduct a thorough review of their processes to ensure that there are no gaps, followed by a thorough and systematic training process to ensure that all staff have
internalised these processes, and know exactly what steps to take in the event of a cybersecurity incident
1195.
In this regard, TTXes (Table Top Exercises) and drills are key to ensuring that CERT members familiarise themselves with incident response plans and processes. Repeated execution of these plans and processes will lead to increased efficiency, and reduce the chances of confusion and hesitation causing a delayed response in the event of areal attack. Furthermore, these exercises will inevitably expose weaknesses in the plans and processes that can then be addressed. The importance of practice and practical application cannot be overstated. As Gen. Alexander said Proper training and a solid exercise program would have ensured personnel knew and understood their roles and responsibilities in helping to prevent the cyber attack on SingHealth. Personnel involved in detecting and mitigating this attack would have benefited from an individual and
collective training program 1196. The conduct of exercises will also help to alert management to the natural abilities (or inabilities) of CERT members. This will allow for an assessment of the initiative of individual team members, and also for the evaluation of potential bottlenecks in the incident response process due to the failings of individual officers (
e.g. the SIRM).
Share with your friends: 
