denisismagilov - stock.adobe.com
Singapore’s Cyber Security Agency (CSA) has launched a new cyber security certification scheme to recognise organisations with good cyber security practices.
Comprising two cyber security marks, Cyber Essentials and Cyber Trust, the scheme was developed in consultation with certification practitioners, technology providers and trade associations, taking into consideration the organisational profiles and operational needs of enterprises in Singapore.
Cyber Essentials is aimed at helping small and medium-sized enterprises (SMEs), which tend to have limited cyber security resources, adopt cyber security measures to protect their systems such as data backups, access controls and incident response.
For larger firms, Cyber Trust will provide a risk-based approach to help them understand their risk profiles and identify relevant cyber security preparedness areas required to mitigate security risks.
This is done through five cyber security preparedness tiers that correspond to an organisation’s risk profile, with each tier comprising 10 to 22 domains such as governance, cyber education, information asset protection and cyber security resilience, among others.
Led by CSA and the Singapore Standards Council (SSC) with support from the Infocomm Media Development Authority, the preparedness tiers are part of a Technical Reference (TR) on cyber security standards which is expected to be published in the second quarter of 2022.
CSA said the new two cyber security marks do not certify the cyber security of specific products or services. Rather, they certify the cyber security measures adopted by an organisation.
In rolling out the certification programme, CSA has appointed eight independent certification bodies for enterprises applying for either Cyber Essentials or Cyber Trust. While the security marks are not mandatory, CSA said it will work with industry partners, such as trade associations and business groups to encourage adoption.
David Koh, chief executive of CSA, said the security certification scheme is timely and that companies could be required to demonstrate their cyber security to provide greater assurance to their customers. “Having the certification reflects the company’s commitment to ensure that they remain cyber secure, giving them an edge over their competitors,” he added.
To help organisations address the requirements of the security marks, the CSA has developed a toolkit for IT teams comprising resources such as templates for tracking information assets, as well as products or services from an initial ecosystem of partners.
Prior to the launch of the certification scheme, CSA worked with organisations such as e-commerce giant Lazada to “road-test” the certification requirements and gather feedback on the certification process.
“CSA’s Cyber Trust provides a comprehensive and structured approach to assess the cyber security posture of larger business organisations, and also helps them to build a roadmap to further improve management processes and risk strategies,” said Yuezhong Bao, chief information security officer at Lazada Group.
“Lazada is participating in this programme to demonstrate the reliability and security of information systems and help increase business resilience in this evolving and complex cyber environment,” he added.
Read more about cyber security in ASEAN
- Singapore’s Ensign Infosecurity answers the top three questionsabout the impact of the Log4j vulnerability.
- The Malaysian Highway Authority is now more resilient against cyber attacksthrough a local disaster recovery-as-a-service offering powered by Veeam software.
- Organisations will need to develop behavioural detection, machine learning and threat hunting capabilities to keep pace with the onslaught of cyber attacks.
- The narrowing gender gap may be a cause for cheer, but more needs to be done to curb discrimination, and attract and retain women for cyber security roles in Asia-Pacific.