Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019
45 RECOMMENDATION #10: DOMAIN CONTROLLERS MUST BE BETTER SECURED AGAINST ATTACK ..... 368
  45.1 The operating system for domain controllers must be more regularly updated to harden these servers against the risk of cyber attack. ..... 369
  The attack surface for domain controllers should be reduced by limiting login access ..... 370
  Administrative access to domain controllers must require two-factor authentication ..... 371
46 RECOMMENDATION #11: A ROBUST PATCH MANAGEMENT PROCESS MUST BE IMPLEMENTED TO ADDRESS SECURITY VULNERABILITIES ..... 372
  46.1 A clear policy on patch management must be formulated and implemented. ..... 373
    46.1.1 Maintenance of an organisational-level software inventory ..... 374
    46.1.2 Vulnerability identification and patch acquisition ..... 374
    46.1.3 Patching timelines ..... 374
    46.1.4 Risk assessment and prioritisation ..... 375
    46.1.5 Patch testing ..... 377
  The patch management process must provide for oversight with the reporting of appropriate metrics ..... 379
47 RECOMMENDATION #12: A SOFTWARE UPGRADE POLICY WITH FOCUS ON SECURITY MUST BE IMPLEMENTED TO INCREASE CYBER