Table of contents exchange of letters with the minister executive summary


A competent and qualified Security Incident Response Manager



Download 5.91 Mb.
View original pdf
Page323/329
Date27.11.2023
Size5.91 Mb.
#62728
1   ...   319   320   321   322   323   324   325   326   ...   329
Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019
50.3 A competent and qualified Security Incident Response Manager
who understands and can execute the required roles and
responsibilities must be appointed
1202. It is tempting to think of cyber defence primarily as a technical challenge, but the actions of people also play a critical part in successor failure of incident



COI Report – Part VII
Page 416 of 425

response
119
. Defending and responding to cyber attacks requires the right people, who act responsibly and in the best interests of the organisation. Vulnerabilities inhuman assets can be just as dangerous as those in information systems.
1203. Role of SIRT and SIRM. Security incidents would be investigated by the
SIRT, led by the SIRM. The SingHealth SIRM was Ernest. The CERT reports to the SIRM. In addition, the Infrastructure Services Lead, and the Application Services Lead, also report to the SIRM. It is the SIRM’s responsibility to coordinate these inputs and report to the Cluster ISO. It is then the Cluster ISO’s responsibility to escalate the issue to the GCIO. The structure of the SIRT is highlighted in the diagram below.
Figure 15: SIRT Reporting Structure
119
CIS Controls Version 7 at p.



COI Report – Part VII
Page 417 of 425

1204. The SIRM’s responsibilities include a) Leading and coordinating activities during incident response b) Managing technical activities during the incident response c) Assigning responsibilities d) Ensuring compliance with the incident handling procedures and guidelines in the IR-SOP; e) Receiving incident response alerts about security incidents f) Managing the incident response process from the discovery, to assessment, remediation and resolution stages g) Report to the Cluster ISO and h) Developing IT security incident handling and response policies and processes.
1205. Deficiencies observed in the SIRM. Given the responsibilities and accountability needed to execute the incident response plan, the right SIRM must be in place. The SIRM must be empowered, competent, and possess the right skills sets for the job. Ernest woefully failed to meet these criteria. As Vivek observed The most glaring failure in my opinion was with the role of SIRM. I have read the latest testimony where Ernest seems to indicate that he was not looking forward to the additional workload in the event that the incident got escalated. While this certainly maybe a contributing factor and may explain some of his actions or lack thereof, I also believe that Ernest did not fully understand their responsibilities of the SIRM role and did not have the necessary competencies to effectively discharge his duties



Download 5.91 Mb.

Share with your friends:
1   ...   319   320   321   322   323   324   325   326   ...   329




The database is protected by copyright ©ininet.org 2024
send message

    Main page