Public Sector Data Security For Government Agencies
Recommendations in Singapore
Thales helps organizations address the requirements of Public Sector Data Security.
The strong fundamentals of Singapore’s current security regime need to be reinforced because there are increasing demands for valuable data to make better policies and offer digital services to the public at the very time that the IT landscape is becoming progressively more complex.
The regulation will enable government organizations to secure and protect citizens’ data end to end and will include vendors and other authorized third parties. This is expected to encourage public confidence and deliver improved public service to the people of Singapore.
All public sector agencies will be able to maintain the highest standards of data governance, bolstering the efforts taken for the vision of the Smart Nation.
Thales’ CipherTrust Data Security Platform provides the tools you need to address these guidelines in your organization, in part through:
Regulation Overview
The Singapore Government is reaffirming the importance of data security while “seeking the views of industry and global experts to recommend a slate of technical measures to strengthen data safeguards.”
The announcement was made by the Public Sector Data Security Review Committee, which was convened by Prime Minister Lee Hsien Loong in March 2019. The committee conducted a comprehensive review and inspection of 336 systems across 94 public agencies to identify risk areas and common causes of data breaches. The Committee completed its work in November 2019 and the Public Sector Data Security Review Committee (PSDSRC) report contains five key recommendations for the public sector, which when implemented would:
The Committee’s recommendations will address existing gaps and build a resilient data security regime as technology advances, systems become more integrated, and risks become increasingly multi-faceted.
The Government targets to implement the measures in 80 percent of Government systems by end of 2021. The timeline for the remaining 20 percent which involves systems that are complex or require significant redesign is end-2023. In the interim, agencies will put in place appropriate measures to manage the relevant data risks.
Recommendation Descriptions
1.1: Reduce the surface area of attack by minimizing data collection, data retention, data access and data downloads.
1.2: Enhance the logging and monitoring of data transactions to detect high-risk or suspicious activity.
1.3: Protect the data directly when it is stored and distributed to render the data unusable even when extracted or intercepted.
1.4: Develop and maintain expertise in advanced technical measures.
1.5: Enhance the data security audit framework to detect gaps in practices and policies before they result in data incidents.
1.6: Enhance the third-party management framework to ensure that third parties handle Government data with the appropriate protection.
The Committee has also identified six advanced technical measures, which are not sufficiently mature or readily integrate for widespread implementation:(i) Homomorphic Encryption; (ii) Multi-party authorization; (iii) Differential Privacy; (iv) Dynamic Data Obfuscation and Masking; (v) Digital Signing of Data File; and(vi) Secured File Format.
Thales CPL helps organizations to comply with Public Sector Data Security For Government Agencies through:
These recommendations cover Government and non-Government Entities that handle public sector data to deliver public services, perform operational processes, or provide consultation services for policy planning.
Data Access control
Encryption and tokenisation
User access logs
Today, it is imperative for professionals working in Singapore, and with its people and businesses, to understand the importance to enterprises of compliance with this country's digital security standards and regulations as well as the repercussions of failing to comply. This...
This eBook illustrates how a financial institution addresses advisory from the Monetary Authority of Singapore with Thales Data Security Solutions, it covers the following requirements:What is the Advisory on Addressing the Technology and Cyber Security Risks Associated with...
This ebook shows how Thales data security solutions enable you to meet global compliance and data privacy requirements including - GDPR, Schrems II, PCI-DSS and data breach notification laws.
More and more cloud-based services are becoming an integral part of the enterprise, as they lower costs and management overhead while increasing flexibility. Cloud-based authentication services, especially when part of a broader access management service, are no exception, and...
Perhaps the most comprehensive data privacy standard to date, GDPR affects any organization that processes the personal data of EU citizens - regardless of where the organization is headquartered.
Any organization that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.
Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbor” clause.