Cybersecurity Code of Practice For Critical Information Infrastructure
– Second Edition (CCoP2.0) of Singapore

The Cybersecurity Code of Practice For Critical Information Infrastructure – Second Edition (CCoP2.0) is intended to specify the minimum requirements that the critical information infrastructure owner (CIIO) shall implement to ensure the cybersecurity of the CII, due to the evolving cyber threat landscape with threat actors using sophisticated tactics, techniques, and procedures (TTPs) to attack CII sectors.

The CCoP 2.0 document addresses the key requirements for CII below.

• Governance
• Identification
• Protection
• Detection
• Response and Recovery
• Cyber Resiliency
• Cybersecurity Training and Awareness
• Operational Technology (OT) Security

Thales helps Critical Information Infrastructure (CII) to align the CCoP2.0 requirements with a focus on Protection Requirements through:

• Access control
• Data Security & Cryptographic Key Management

Access control

Thales Access Management and Authentication solutions provide both the security mechanisms and reporting capabilities organisations need to comply with CCOP2.0 requirements.

Data Security & Cryptographic Key Management

Protect: It is crucial to apply protective measures such as encryption or tokenisation to sensitive data. To successfully secure sensitive data, the cryptographic keys themselves must be secured, managed and controlled by the organisation.

• CipherTrust Database Protection provides high-performance and database encryption with granular access controls.
• CipherTrust Tokenisation offers file-level encryption with access controls, application-layer encryption, database encryption, static data masking, vaultless tokenisation with policy-based dynamic data masking, and vaulted tokenisation to support a wide range of data protection use cases.
• CipherTrust Transparent Encryption (CTE) delivers data-at-rest encryption with centralised key management, privileged user access control and detailed data access audit logging.
• CipherTrust Data Protection Gateway (DPG) enables transparent data protection to any RESTful web service or microservice leveraging REST APIs.

Monitor: Enterprises need to monitor access to sensitive data to identify ongoing or recent attacks from malicious insiders, privileged users, and other cyber threats.

• CipherTrust Security Intelligence logs and reports streamline compliance reporting and speedup threat detection using leading Security Information and Event Management (SIEM) systems.

Control: CII Organisations require to control access to their data and centralise key management. Every data security regulation and mandate requires organisations to be able to monitor, detect, control and report on authorised and unauthorised access to data and encryption keys.

• The CipherTrust Data Security Platform (CDSP) delivers robust enterprise key management via Enterprise Key Management solutions to manage and protect keys on behalf of a variety of applications.
• Thales Cipher Trust Cloud Key Manager (CCKM) centralises encryption key management from multiple environments, presenting all supported clouds and even multiple cloud accounts in a single browser tab.