Public Sector Data Security For Government Agencies
Recommendations in Singapore
Thales helps organizations address the requirements of Public Sector Data Security.
The strong fundamentals of Singapore’s current security regime need to be reinforced because there are increasing demands for valuable data to make better policies and offer digital services to the public at the very time that the IT landscape is becoming progressively more complex.
The regulation will enable government organizations to secure and protect citizens’ data end to end and will include vendors and other authorized third parties. This is expected to encourage public confidence and deliver improved public service to the people of Singapore.
All public sector agencies will be able to maintain the highest standards of data governance, bolstering the efforts taken for the vision of the Smart Nation.
Thales’ CipherTrust Data Security Platform provides the tools you need to address these guidelines in your organization, in part through:
Regulation Overview
The Singapore Government is reaffirming the importance of data security while “seeking the views of industry and global experts to recommend a slate of technical measures to strengthen data safeguards.”
The announcement was made by the Public Sector Data Security Review Committee, which was convened by Prime Minister Lee Hsien Loong in March 2019. The Committee completed its work in November 2019 and the Public Sector Data Security Review Committee (PSDSRC) report contains five key recommendations for the public sector, which when implemented would:
The Committee’s recommendations will address existing gaps and build a resilient data security regime as technology advances, systems become more integrated, and risks become increasingly multi-faceted.
The in-depth investigations of the IT systems revolve around five agencies that deal with high volumes of sensitive data:
The Government targets to implement the measures in 80 percent of Government systems by end of 2021. The timeline for the remaining 20 percent which involves systems that are complex or require significant redesign is end-2023. In the interim, agencies will put in place appropriate measures to manage the relevant data risks.
Recommendation Descriptions
1.1: Reduce the surface area of attack by minimizing data collection, data retention, data access and data downloads.
1.2: Enhance the logging and monitoring of data transactions to detect high-risk or suspicious activity.
1.3: Protect the data directly when it is stored and distributed to render the data unusable even when extracted or intercepted.
1.4: Develop and maintain expertise in advanced technical measures.
1.5: Enhance the data security audit framework to detect gaps in practices and policies before they result in data incidents.
1.6: Enhance the third-party management framework to ensure that third parties handle Government data with the appropriate protection.
The Committee has also identified six advanced technical measures, which are not sufficiently mature or readily integrate for widespread implementation:(i) Homomorphic Encryption; (ii) Multi-party authorization; (iii) Differential Privacy; (iv) Dynamic Data Obfuscation and Masking; (v) Digital Signing of Data File; and(vi) Secured File Format.
Thales CPL helps organizations to comply with Public Sector Data Security For Government Agencies through:
These recommendations cover Government and non-Government Entities that handle public sector data to deliver public services, perform operational processes, or provide consultation services for policy planning.
Data Access control
Encryption and tokenisation
User access logs
Today, it is imperative for professionals working in Singapore, and with its people and businesses, to understand the importance to enterprises of compliance with this country's digital security standards and regulations as well as the repercussions of failing to comply. This...
This eBook illustrates how a financial institution addresses advisory from the Monetary Authority of Singapore with Thales Data Security Solutions, it covers the following requirements:What is the Advisory on Addressing the Technology and Cyber Security Risks Associated with...
This ebook shows how Thales data security solutions enable you to meet global compliance and data privacy requirements including - GDPR, Schrems II, PCI-DSS and data breach notification laws.
More and more cloud-based services are becoming an integral part of the enterprise, as they lower costs and management overhead while increasing flexibility. Cloud-based authentication services, especially when part of a broader access management service, are no exception, and...
El RGPD es tal vez la norma de privacidad de datos más completa hasta la fecha. Afecta a cualquier organización que procese los datos personales de los ciudadanos de la UE, independientemente de la ubicación de la sede de la organización.
Cualquier organización que desempeñe un papel en el procesamiento de pagos con tarjetas de crédito y débito debe cumplir con los estrictos requisitos de cumplimiento de PCI DSS para el procesamiento, el almacenamiento y la transmisión de datos de cuentas.
Los países de todo el mundo han promulgado requisitos de notificación de brechas de datos tras la pérdida de información personal. Varían según la jurisdicción, pero casi siempre incluyen una cláusula de "safe harbour".