Table of contents exchange of letters with the minister executive summary



Download 5.91 Mb.
View original pdf
Page325/329
Date27.11.2023
Size5.91 Mb.
#62728
1   ...   321   322   323   324   325   326   327   328   329
Report of the COI into the Cyber Attack on SingHealth 10 Jan 2019

COI Report – Part VII
Page 420 of 425

1209. SIRMs must be provided with the relevant training to shore up these competencies.
1210. To sum up, well-rounded security professionals who combine industry certifications with experience and education should be chosen. The best person for the job must be found, taking into account availability of candidates, cost, and the potential benefit to the entire organisation. This person must then be trained and developed to ensure that they reach their full potential, and can bean asset, rather than a liability, to the organisation.



COI Report – Part VII
Page 421 of 425

51 RECOMMENDATION
#16:
A
POST-BREACH
INDEPENDENT
FORENSIC
REVIEW
OF
THE
NETWORK, ALL ENDPOINTS, AND THE SCM SYSTEM
SHOULD BE CONSIDERED
#VIGILANCE GOVERNANCE
1211. An important post-breach action is that of ensuring that the threat is eradicated – completely. This means that all breach points must be identified and all attack traces/artefacts must be removed.
120
This includes malware, spyware or any other types of software. This exercise can be complex, lengthy and may require the work of outside experts.
121
Accordingly, IHiS should consider conducting an independent review of the SingHealth network, all endpoints and the SCM system.
1212. Over the course of the Inquiry, concerns were raised on whether the
SingHealth network was clean post-breach. The concern is areal and urgent one because in the short-term, IHiS will be proceeding with a pilot deployment of their remote-browser solution for internet access atone PHI and in the long- term, the ISS temporarily in place now maybe lifted. If the attacker is still in the network, it will spring to life when the system goes online.
1213. On whether the SingHealth network is clean, CSA’s evidence is that the network has been scanned and cleared of the malware or indicators of compromise (“IOCs”) that were discovered through the course of investigation.
CSA has pointed to the following measures a) All Citrix servers have been reloaded with a clean image on 14 and
15 July 2018; and Alexander Ellrodt, If a Breach Happens – An Action Plan for Response and Damage Containment” in Managing Cybersecurity Risk at p.
121
Ibid.



Download 5.91 Mb.

Share with your friends:
1   ...   321   322   323   324   325   326   327   328   329




The database is protected by copyright ©ininet.org 2024
send message

    Main page