Singapore will soon roll out tools and measures to connect the many “IT vulnerabilities” highlighted in the report, including weak controls and an inadequate review process for privileged user activities. The report also emphasized the need to reduce the risks and new risks posed by the rapid digital transformation during the global epidemic.
According to a recent Public Accounts Committee report, efforts are underway to address IT issues since last year, with automated tools taking precedence.
The measures were hatched in January the previous year when the committee argued with the public sector that repetitive IT had expired in its 2020 report. It also pointed out the lack of acceptable practice in managing user access rights through the entry and review of user rights manually.
The committee added that the regulation of retailers and partners of foreign companies could be strengthened. “Given the increasing rate of digital integration and outsourcing of IT services in the public sector, IT-related risks such as data security and security risks will remain significant threats to government,” he noted in a report released Monday.
Smart Nation and the Digital Government Group (SNDGG) led efforts to fill the vacancies, which emphasized the importance of human governance, process transformation, adherence to these new procedures, and the introduction of automation and technology tools.
The government agency said it was developing a single tool that would include the automatic use of deleting inactive user accounts, which still needs to be handled despite introducing a new application informing organizations of staff departures and changes in the field. The stadium has been distributed to 38 agencies since October 2019.
The currently integrated tool is intended to be completed by the end of 2021, after which agencies will have to integrate all existing systems with one platform over the next three years. This will be rolled out to high-level programs by December 2023 and all remaining programs by December 2024, according to the SNDGG.
Another tool to assist in the review of eligible users’ rights is the one set to be implemented in state-of-the-art programs in December 2022, followed by the pilot – launched last April – involving 15 government agencies.
The SNDGG reported that it was “refining” adoption rules to monitor various types of logs, including operating systems, information, networks, applications, security, and the concept of improving the acquisition system’s efficiency. Utilities will be continuously increased in all sectors from January 2021.
Steps have also been taken to strengthen organizational processes, aiming to facilitate greater ownership to end IT care. For example, in the area of data and cybersecurity, an agency security officer and a senior data manager will now be required to report cybersecurity and data issues directly to the agency’s head.
All spheres of government will have access to audit and incident data to predict potential governance risks in IT systems. The first batch of agencies is expected to begin testing this in the first quarter of 2021, with shipments across the sector targeted in the second quarter.
According to the Public Accounts Committee, new procedures have been put in place across all government spheres to provide a “more orderly and effective response” to data incidents. This includes establishing the Government Data Security Center Center last April as a public way to report incidents of information affecting a public agency.
From March 2021, all public bodies will be required to conduct annual cyber tests and data security data.
From now on, the Public Accounts Committee has realized that the rapid digital transformation brought about by the COVID-19 epidemic can pose risks and risks. It said SNDGG was being investigated for those risks and how the agency was reducing them.
In response, the national strategy team said it was developing a comprehensive government “ICT and Smart System” program, which would include the central office, disaster risk management, and the integration of the framework and risk management for each business process.
The SNDGG identified ten potential risks but noted that most of them were on track for ongoing efforts, including strengthening data security frameworks and security risks and human risk management.
The Singapore government in February 2020 said it would invest SG $ 1 billion to strengthen its cybersecurity and data security systems, recognizing that this was important as its agencies expanded technologies such as artificial intelligence, cloud, and Internet of Things. To be used over the next three years, the funds are designed to prepare the country to deal with cyber threats as computer efforts intensify.