What is it all about?
Singapore’s Cyber Security Agency (CSA) recently announced the launch of a new cyber security certification program that will call out or rather certify firms that have implemented good cyber security practices through a certification. This is a great way of incentivizing cybersecurity among businesses.
The program is divided into two halves based on the size of the organization being certified. The first part called Cyber Essentials is targeted at encouraging small and medium-sized businesses that often have to deal with limited resources and manpower to implement good cybersecurity practices including access management and control, incident response, and disaster recovery.
Cyber Trust, the second half, deals with larger and more digitized enterprises including MNCs. It will offer a risk management approach that helps them understand their risk exposure, raise contextual awareness and help them focus on various areas related to cyber resilience to address and mitigate security risks and challenges. The overall security posture of the enterprise will also be assessed.
CSA has put together 5 cybersecurity preparedness tiers that align with an enterprise’s unique risk profile. Each tier covers between 10-22 domains including cyber governance, awareness and education, asset protection, and cyber resilience. These preparedness tiers will be a part of a Technical Reference (TR) for cyber security standards that will be rolled out in the second quarter of this year.
What will the TR contain?
The TR will essentially offer a tiered approach towards deploying cybersecurity measures including:
- Establishing a comprehensive process to secure sensitive data
- Installing anti-malware solutions
- Securing backups from any form of unauthorized access
- Understanding different risk profiles of enterprises.
The tiered measures take into account the operational imperatives of organizations operating in Singapore. The use of the TR, when it becomes available, together with CSA’s certification scheme, will help businesses secure and protect their digital assets, and personal data and enhance cybersecurity preparedness in a phased manner.
What kind of support is CSA offering for companies that wish to obtain these marks?
CSA has developed a toolkit for IT teams and curated an early ecosystem of partners with product and service offerings to help businesses meet these requirements. The toolkit for IT teams is part of a suite of cybersecurity toolkits put together by CSA and are targeted at key enterprise stakeholders. It includes resources that enterprises can utilize to prepare for cybersecurity certification. There are templates for tracking the state of various information assets included in these kits.
Do these cybersecurity marks cover specific products or offerings?
No, they are only related to cybersecurity best practices adopted by an organization at an institutional level.
Is it mandatory?
As of now, no.
Who will be the certifying authority here?
CSA has announced the appointment of 8 certification bodies that will act independently. These firms will be responsible for certifying the companies that apply to be part of this program.
How will businesses benefit from this unique exercise?
In addition to improving trust and credibility, a certification in cybersecurity best practices will also help the brand at various levels. Businesses can flaunt this new certification in all their outbound communication to convey the level of cybersecurity maturity attained as well as the priority the management and employees of the business accord to cybersecurity.
Sectrio recommends that all businesses go for this certification at the earliest. This is one way of adding momentum to your cybersecurity journey as well as putting cybersecurity on your organization’s priority agenda.
How can Sectrio help in this certification?
If we split the requirements of this certification into further components, we can essentially call out 3 major outcome areas:
- Best cybersecurity measures
- Raising cybersecurity awareness levels of all stakeholders
- Putting together a roadmap for improving security on an ongoing basis
Sectrio can help secure digital assets across IT, OT, IoT, and converged environments. Sectrio can also offer its threat intelligence feeds to improve threat hunting to detect and remediate threats early. Sectrio’s offerings can also enhance the overall cybersecurity posture by helping with cybersecurity requirements around:
- Network security
- Asset security
- Visibility into networks and assets
- Information on the state of vulnerabilities and patches
- Micro-segmentation to contain threats and apply policies at a micro level
- We can offer IoT and OT focused threat intelligence
In addition, Sectrio also offers compliance kits to align your internal cybersecurity practices and measures to standards such as IEC 62443 and those recommended by NIST. We can also help your business embrace a Zero Trust approach and secure your business from sophisticated attacks at all levels including those that emerge at various points in your extended supply chain.
Don’t wait up. Book a free and no-obligation slot with our IT, IoT, and OT cybersecurity analysts and consultants to learn more about complying with the new recognition scheme. Book here.
Learn more about our IoT, IT, and OT cybersecurity solution through an interactive demo.
Try our threat intelligence feeds for free for the next two weeks.