Table of contents exchange of letters with the minister executive summary


Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019
AND GOVERNMENT TO ACHIEVE A HIGHER LEVEL OF COLLECTIVE CYBERSECURITY ... 331
42.1 Threat intelligence sharing should be enhanced ... 332
42.1.1 Intelligence generated by CSA from their investigations with their investigative partners ... 333
42.1.2 Intelligence generated by each enterprise from their investigations and prevention and detection tools ... 336



COI Report – Part VII
Page 217 of 425

42.1.3 Classified information provided by commercial companies to their trusted partners ... 336
42.1.4 Classified information provided by security partners in other countries ... 337
Partnerships with ISPs should be strengthened ... 337
Defence beyond borders – cross-border and cross-sector partnerships should be strengthened ... 337
Using a network to defend a network should be explored ... 338
43 RECOMMENDATION #8: IT SECURITY RISK ASSESSMENTS AND AUDIT PROCESSES MUST BE TREATED SERIOUSLY AND CARRIED OUT REGULARLY ... 340
43.1 Risk assessments must be conducted at critical junctures ... 340
43.1.1 IT security risk assessments must be conducted on CII and mission-critical systems annually and upon specified events ... 340
43.1.2 A written cybersecurity risk management framework must be established ... 341
43.1.3 Risks must be thoughtfully identified and prioritised during each assessment ... 342
43.1.4 A clear process and methodology for cybersecurity risk assessment, and treatment and monitoring of cybersecurity risk should be established, and staff must be trained on the same ... 343
43.1.5 A policy should be established for a comprehensive risk register to be maintained and updated after every risk assessment ... 346
43.1.6 Senior management should be responsible for and clearly articulate the organisation’s risk appetite ... 347
Audit action items must be remediated ... 348
43.2.1 Regular audits on CII systems must be conducted by an independent third
