Following two major data breaches in the last year, the Singapore Government has announced measures to reform their data-protection standards across the public sector. As we all know, Government authorities around the world are under enormous pressure to deliver improved public services for less, but also to meet the public’s expectation that they maintain the highest standards of data privacy and protection. Meeting both objectives is difficult! With an increase in demand for more automation, efficiency and better customer service levels inevitably this will result in further usage of online personal data. All too often, public (and private) organizations are still suffering the consequences of data exposure or data losses that have eroded the trust of their citizens and customers by failing to safeguard private, personal information.
The Singapore Government have taken matters in to their own hands and have developed 13 technical measures to conform to a common definition of what is entailed for handling sensitive information and have outlined the requirements in a new ‘Information sensitivity framework’. Hopefully 13 will prove to be a lucky number…….
The 13 measures include:
- Hashing with salt
- Tokenisation
- Field Level Encryption
- Obfuscation/masking
- Dataset partitioning
- Data file integrity verification
- Password protecting and encrypting
- Digital Watermarking
- Email data protection tool
- Data loss protection tools
- Volume-limited and time-limited data access
- Automatic identity and access management (IAM) tools
- Enhanced logging and active monitoring of data access
It goes without saying, that all organizations need strong password protection, tight access controls, and the many other security measures most organizations have in place today, however many breaches, (just like the database breach that the Singapore Government Health authority suffered), come from insiders! The staff who have authorized access, that takes them past the traditional perimeter security controls.
Being the leader in Security Through System Integrity NNT are extremely well positioned to underpin initiatives such as the Singapore Government 13 measures. NNT suggests implementing a sophisticated Breach and Host Intrusion Detection solution that will forensically evaluate normal operations within your IT systems and applications and alert you of unauthorized or suspicious changes that could be the result of an insider hack or potential malware.
In addition, as Government authorities continue to be a target, it's important these organizations protect personal data from the risk of cyber threats by adopting a SecureOps™ strategy. SecureOps™ combines established best practices for security and IT service management to deliver a holistic and comprehensive solution that identifies and highlights unknown, unwanted and potentially malicious events in real-time…without all the NOISE and headaches of endless alerts.