What is all this?
The Singapore Cyber Security Agency (CSA) recently announced the launch of a new cyber security certification program that will call or certify companies that have implemented good cyber security practices through certification. This is a great way to incentivize cybersecurity among businesses.
The program is divided into two halves based on the size of the organization being certified. The first part, called Cyber Essentials, aims to encourage small and medium-sized businesses that often have to deal with limited resources and manpower to implement good cybersecurity practices, including access management and control, incident response and disaster recovery.
Cyber Trust, the second half, deals with larger and more digitized companies, including multinationals. It will offer a risk management approach that helps them understand their risk exposure, increase contextual awareness, and help them focus on various areas related to cyber resilience to address and mitigate security risks and challenges. The company’s overall security posture will also be evaluated.
CSA has put together 5 levels of cybersecurity readiness that align with a company’s unique risk profile. Each level covers between 10 and 22 domains, including cyber governance, awareness and education, asset protection, and cyber resilience. These readiness levels will be part of a technical reference (TR) for cyber security standards to be implemented in the second quarter of this year.
What will the TR contain?
The TR will essentially offer a tiered approach to implementing cybersecurity measures including:
- Establishing a comprehensive process to protect sensitive data
- Installation of anti-malware solutions
- Protect backups from any form of unauthorized access
- Understand the different risk profiles of companies.
The tiered measures take into account the operational imperatives of organizations operating in Singapore. Using the TR, where available, in conjunction with the CSA certification scheme, will help businesses secure and protect their digital assets and personal data and will gradually improve cybersecurity readiness.
What kind of support does CSA offer to companies that want to obtain these marks?
CSA has developed a suite of tools for IT teams and curated an early ecosystem of partners with product and service offerings to help businesses meet these requirements. The IT Team Toolkit is part of a suite of cybersecurity toolkits developed by CSA and is targeted at key business stakeholders. It includes resources that companies can use to prepare for cybersecurity certification. There are templates for tracking the status of various information assets included in these kits.
Do these cybersecurity brands cover specific products or offers?
No, they are only related to the best cybersecurity practices adopted by an organization at an institutional level.
Is it mandatory?
As of now, no.
Who will be the certifying authority here?
CSA has announced the appointment of 8 certification bodies that will act independently. These firms will be in charge of certifying the companies that apply to be part of this program.
How will companies benefit from this unique exercise?
In addition to improving trust and credibility, a certification in cybersecurity best practices will also help your brand on several levels. Companies can flaunt this new certification in all their outgoing communications to convey the level of cybersecurity maturity achieved, as well as the priority that company management and employees place on cybersecurity.
Sectrio recommends that all companies obtain this certification as soon as possible. This is a way to add momentum to your cybersecurity journey, as well as get cybersecurity high on your organization’s priority agenda.
How can Sectrio help with this certification?
If we break down the requirements of this certification into other components, we can essentially pinpoint 3 main result areas:
- The best cybersecurity measures
- Raise cybersecurity awareness levels of all stakeholders
- Develop a roadmap to continually improve security
Sectrio can help protect digital assets everywhere IT, OT, IoT and converged environments. Sectrio can also offer its threat intelligence feeds to enhance threat hunting to detect and remediate threats early. Sectrio offerings can also improve the overall cybersecurity posture by helping with cybersecurity requirements around:
In addition, Sectrio also offers compliance kits to align your internal cybersecurity practices and measures with standards such as IEC 62443 and those recommended by NIST. We can also help your company adopt a zero-trust approach and protect your business from sophisticated attacks at all levels, including those that arise at various points in your extended supply chain.
Do not wait up. Book a free, no obligation slot with our IT, IoT and OT cybersecurity analysts and consultants to learn more about how to comply with the new recognition scheme. Reserve here.
Learn more about our cybersecurity solution for IoT, IT and OT through a interactive demo.
Try our threat intelligence feeds for free for the next two weeks.
*** This is a syndicated Security Bloggers Network blog from Sector written by Prayukth K V. Read the original post at: https://sectrio.com/singapore-cybersecurity-scheme-faqs-and-best-practices/