Headlines published in the last 30 days are listed on SLW.

Data security and cyber security remain key risks for Government amid digitalisation push

Data security and cyber security remain key risks for Government amid digitalisation push

Source: Straits Times
Article Date: 09 Feb 2021
Author: Rei Kurohi

Parliament's Public Accounts Committee warned that IT-related risks will remain a key concern.

Weaknesses in IT controls across several public agencies were flagged by Parliament's Public Accounts Committee (PAC) on Monday (Feb 8), as it warned that IT-related risks will remain a key concern amid the increasing pace of digitalisation and outsourcing of IT operations in the public sector.

In particular, the Government will have to watch out for data security and cyber security risks, the committee said in its report.

West Coast GRC MP Foo Mee Har, who chairs the PAC, said in a statement: "Given the higher incidence of cyber attacks globally, the committee noted the ongoing efforts to strengthen IT governance, data security, cybersecurity as well as human capital."

"While automation is central to addressing persistent IT lapses, automation alone is not sufficient without the accompanied agencies' leadership attention and third party IT vendors' compliance."

The PAC had highlighted inadequate oversight of the activities carried out using privileged user accounts, and insufficient controls over third party vendors and partners.

For instance, Ngee Ann Polytechnic had only reviewed six out of the 38 actions that could be performed by its privileged database accounts. But since March last year, it had strengthened its processes and monitored 32 out of 38 actions, with six remaining actions assessed to be of lower impact to IT security.

Responding to the PAC on its concerns, the Smart Nation and Digital Government Group (SNDGG) said it has introduced measures to address the lapses.

For example, it has put in place a system that would alert 38 public sector agencies about staff movement and role changes, so that the agencies can manually remove accounts that are no longer needed.

A system to automate the removal process is targeted for completion in December this year.

The SNDGG said it had also taken steps to strengthen organisational structures and processes, and raise awareness of cyber threats, including setting up the Government Data Security Unit to drive and coordinate data security efforts across the public sector.

Source: Straits Times © Singapore Press Holdings Ltd. Permission required for reproduction.


Latest Headlines

Straits Times / 04 Mar 2021

Religious neutrality and secular policies

Singapore's working model, both in theory and practice, must remain the application of laws and policies that are for the benefit of the people and in the interest of the country.

No content

A problem occurred while loading content.

Previous Next

Terms Of UsePrivacy StatementCopyright 2021 by Singapore Academy of Law
Back To Top