Tuesday, April 13, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Singapore public sector called out for recurring IT lapses

January 18, 2020
in Internet Security
Singapore public sector called out for recurring IT lapses
587
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Singapore’s public sector must plug weaknesses in IT controls and resolve recurring lapses, or these will adversely impact accountability over public funds and resources. Greater use of analytics also should be considered to identify unusual behaviour within public IT systems, according to the latest report by the Public Accounts Committee. 

Responsible for assessing how public funds are used, the committee pointed to concerns over weaknesses in IT controls and lapses in procurement and contract management across the public sector. These had been highlighted repeatedly in past annual reports released by the Auditor-General’s Office, including last year’s.

You might also like

Brave browser disables Google’s FLoC tracking system

These new vulnerabilities put millions of IoT devices at risk, so patch now

Who do I pay to get the ‘phone’ removed from my iPhone?

“There is a need for the public sector to address the recurring lapses and basic mistakes,” said the Public Accounts Committee in its report. “Given the scale, speed, and complexity of the work in the public sector, the committee is concerned that these lapses–if not addressed–may compound over time and weaken the governance and accountability over public funds and resources.”

It called on the government to “more fundamentally” assess systems and process improvements as well as adopt more effective measures in extending the lessons learnt across all public sector agencies. These organisations then should follow through the plans and measures rolled out to address the lapses.

The committee called up delegates from four government agencies including the Ministry of Finance, Smart Nation and Digital Government Group (SNDGG), and Ministry of Health to discuss how the lapses would be addressed. 

Specifically, given the speed at which the public sector was implementing new IT systems, the committee expressed concerns over the repeated audit observations on weaknesses in IT controls across several public agencies. It added that many of the operating system (OS) administrators, with access to sensitive data and privileged user accounts, were IT vendor staff. 

“There is a risk of agencies not detecting unauthorised access or unauthorised activities that could compromise the integrity and confidentiality of data in their IT systems,” the committee noted, adding that the SNDGG was asked to outline its plans to address these concerns. 

In response, the group said the logging and review of privileged users’ activities were carried out manually and human oversight was needed to examine event logs, which could be “voluminous”. 

With regards to user access rights management, there also was a lack of good standard operating procedures for IT teams to identify employee’s job movements and role changes. In addition, there was no coordination between the IT and human resource departments to highlight staff movements. These resulted in delayed reviews of user access rights.

Technical measures to be rolled out

To plug weaknesses in IT controls, the SNDGG unveiled plans to “codify practices” and implement centralised systems to automate IT tasks. These would reduce the potential for human errors, it said. In this aspect, the committee recommended the smart nation group expanded the use of data analytics to extract insights and identify unusual behaviour within IT systems. 

The SNDGG also planned to build a technical system to facilitate IT governance by tapping audit and incident data to predict potential governance risks in ICT systems. Slated to be ready by October 2020, the system would enable checks and audits to be more effective and targeted, it said. 

A system to pull and analyse log data from all agencies also would be established to resolve inadequacies in the management of privileged user access. This would flag unexpected user behaviours were detected and trigger alerts to the relevant agency for review. 

The SNDGG said this would be applied to critical systems, targeted for completion by December 2022. In addition, machine learning capabilities could be incorporated so the system would become more astute in picking up anomalies over time for better insights. 

An application also would be developed to automate the removal of user accounts and access rights once HR records were updated, after an employee leaves an agency. This would be rolled out for critical systems by December 2023. 

To further beef up accountability, the SNDGG said a senior officer–at the Deputy Secretary level–since had been appointed at every ministry to oversee ICT governance and security issues as well as drive their respective ministry’s technology and digitalisation efforts.

In its 2019 report, the Auditor-General Office highlighted IT controls as a major area for improvement. The Ministry of Defence, for example, granted several employees of a third-party IT vendor access to its Enterprise Human Resource system, enabling them to read personnel and payroll information on the system, including 73 data types for which the ministry required controlled access to be put in place.

In addition, no review was carried out on the log records of the datasets that had been accessed and read by the IT vendors. In fact, the Defence Ministry had not conducted a review of such log records since 2014, which meant any access for unauthorised purposes would have gone undetected and not followed up upon. 

“With vast amounts of data managed, which includes personal and confidential data, any unauthorised access or activity could have significant implication on the integrity and confidentiality of the data in the IT systems,” the Auditor-General Office noted. 

Investigation into a July 2018 security breach, which compromised personal data of 1.5 million SingHealth patients, uncovered several poor security practices, including the use of weak administrative passwords and unpatched workstations. Inadequacy in the network also allowed the hackers to run bulk queries because the system lacked rules or controls that could have identified such patterns of behaviour or unauthorised use.

This, and a spate of breaches that involved other government entities, led to a review last April of data security practices within the public sector to assess, amongst others, processes related to the collection and protection of citizens’ personal data.

RELATED COVERAGE

Credit: Zdnet

Previous Post

Key Graph Based Shortest Path Algorithms With Illustrations - Part 1: Dijkstra's And Bellman-Ford Algorithms

Next Post

How blockchain іs disrupting data storage and handling

Related Posts

Brave browser disables Google’s FLoC tracking system
Internet Security

Brave browser disables Google’s FLoC tracking system

April 13, 2021
These new vulnerabilities put millions of IoT devices at risk, so patch now
Internet Security

These new vulnerabilities put millions of IoT devices at risk, so patch now

April 13, 2021
Apple looking to close the gap between web and app privacy
Internet Security

Who do I pay to get the ‘phone’ removed from my iPhone?

April 13, 2021
Criminals spread malware using website contact forms with Google URLs
Internet Security

Criminals spread malware using website contact forms with Google URLs

April 13, 2021
Bug bounties: More hackers are spotting vulnerabilities across web, mobile and IoT
Internet Security

Critical security alert: If you haven’t patched this old VPN vulnerability, assume your network is compromised

April 13, 2021
Next Post
How blockchain іs disrupting data storage and handling

How blockchain іs disrupting data storage and handling

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Brave browser disables Google’s FLoC tracking system
Internet Security

Brave browser disables Google’s FLoC tracking system

April 13, 2021
New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices
Internet Privacy

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices

April 13, 2021
Machine Learning Approach In Fantasy Sports: Cricket
Machine Learning

Machine Learning Approach In Fantasy Sports: Cricket

April 13, 2021
These new vulnerabilities put millions of IoT devices at risk, so patch now
Internet Security

These new vulnerabilities put millions of IoT devices at risk, so patch now

April 13, 2021
BRATA Malware Poses as Android Security Scanners on Google Play Store
Internet Privacy

BRATA Malware Poses as Android Security Scanners on Google Play Store

April 13, 2021
6 Limitations of Desktop System That QuickBooks Hosting Helps Overcome
Data Science

6 Limitations of Desktop System That QuickBooks Hosting Helps Overcome

April 13, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Brave browser disables Google’s FLoC tracking system April 13, 2021
  • New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices April 13, 2021
  • Machine Learning Approach In Fantasy Sports: Cricket April 13, 2021
  • These new vulnerabilities put millions of IoT devices at risk, so patch now April 13, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates