COI Report – Part IV
Page 160 of 425
GCIO and the Sector Lead (i.e. the CSG). Although Benjamin’s slides were titled
“SCM Breach.pptx”, Wee was of the view that it was a “potential breach”, as it was “not confirmed”; his understanding at the time was that based on the IR-SOP, only a confirmed breach of CII would need to be escalated. Wee was also of the view that since that Ernest was still investigating, it would not have been appropriate for Wee to report the matter to the GCIO at the time.
26.10 Query from Katherine about reporting the matter
500. At about pm on 4 July 2018, Sze Chun created a WhatsApp chat group for quicker communication. The chat group was titled “unknown access”, and members of this chat group were Sze Chun, Katherine, Kelvin, Robin, Lum, Loo and Sze Chun’s reporting officer, Kuah Peng Ann Steven. Members of the
SMD were not included in this chat group. The chat group was used for information sharing and coordination between members, including for the terminating of ongoing unusual queries.
501. At about pm on 4 July 2018, Katherine informed her immediate superior, Teresa Wu Rong-Jang, about the unusual queries running on the SCM database. It occurred to Teresa that they maybe dealing with a security incident, and showed Katherine a single PowerPoint slide titled “IT Security Incident
Management – Reporting Flow and Timeline”. This slide in fact reproduced the reporting timelines and reporting flow found in the SIRF. Katherine understood this as directing staff to inform their HOD and the Cluster ISO in the event that they encountered a security incident.
502. Further to Teresa’s directions to check if a report should be made, Katherine sent a message to the unknown access Whatsapp chat group at pm on 4 July 2018, asking if “Please decide if need to rpt?”, and attaching a copy of the slide which Teresa showed her earlier. At pm, amidst discussions on the chat group on logins to Citrix Server 2, Sze Chun replied asking “the reporting is .?”
Thereafter, the conversation turned to the termination of queries and the use of the AA. account, and there was no response to
Katherine’s query on reporting.
|
