DPCR 2 - Cybersecurity
41 Questions

Questions and Answers

What was a specific containment measure implemented to protect against future attacks?

  • Upgrading all software to the latest version
  • Mandating password changes for all users (correct)
  • Removing all administrator accounts
  • Disabling all network connections

Which of the following security shortcomings involved an aspect of account management?

  • Weak Passwords (correct)
  • Coding Vulnerability
  • Lack of Formal Activation
  • Decommissioning Delay (correct)

What inherent problem allowed an attacker to retrieve sensitive login credentials?

  • Weak Firewall Configuration
  • Coding Vulnerability (correct)
  • Inactive Network Monitors
  • Malware Installation

Which of the following was not identified as a security shortcoming by the Personal Data Protection Commission?

Overlapping Account Permissions

What may the Commissioner designate under Clause 7(1) Part 3 of the CSA?

A computer system providing essential services in Singapore

Which measure was explicitly mentioned as part of the containment measures to isolate threats?

Placing the IHiS Security Operations Centre on high alert

What consequence arose from the failure to formally activate the Security Incident Response Team (SIRT)?

Delayed identification of the attacker

What constitutes a notifiable data breach under section 24?

It must likely result in significant harm to an affected individual.

What is the required timeframe for notifying the PDPC of a notifiable data breach?

Within 3 calendar days.

In the context of a data intermediary, what must the organization do upon detecting a data breach?

Notify the data controller of the data breach without undue delay.

What is the minimum threshold of individuals affected for a data breach to be considered of significant scale?

500

What obligation does a public agency have regarding data breaches in relation to a data intermediary?

To inform the public agency promptly of the breach.

What characterizes a Cybersecurity Incident?

An activity affecting cybersecurity without lawful authority.

Which of the following is essential for designating a computer system as Critical Information Infrastructure (CII)?

The system must provide an essential service continuously.

What is required of a CII owner if there is a change in beneficial or legal ownership?

Notify the Commissioner within 7 days.

What is the maximum timeframe allowed for reporting material changes to a CII's configuration?

30 days.

Which of these options does NOT classify as an essential service under the First Schedule?

Social Media Management.

What happens if a person fails to comply with information requests by the Commissioner regarding CII?

They are committing an offence with possible penalties.

What defines a Cybersecurity Threat?

An act potentially harming cybersecurity without lawful authority.

Which essential service category deals with national security and public order?

Functioning of Government.

Under what circumstance can the Commissioner designate a computer as CII?

If it is necessary for continuous essential service delivery.

What is a key factor that an organisation should consider when adopting security measures for personal data?

The nature of the personal data

Which type of measure includes physical locks and privacy filters in an organisation's security arrangements?

Physical measures

What should organisations implement to ensure appropriate security levels for personal data of varying sensitivity?

Robust policies and procedures

What is considered a 'data breach' under the relevant laws?

Accidental loss of personal data storage medium

Which responsibility falls on the data intermediary in the context of personal data protection?

Implement necessary measures for protection

What does 'reasonable and appropriate' security arrangements refer to in the context of personal data?

The specific circumstances surrounding personal data

How should organizations be prepared to respond in the event of an information security breach?

By being prepared and able to respond promptly

What role do administrative measures play in securing personal data?

They include confidentiality obligations and staff training.

What potential impact should an organisation consider regarding personal data security?

Possible harm to the individual concerned

Which aspect is NOT typically a part of technical measures in securing personal data?

Staff training programs

What is the requirement for owners of Critical Information Infrastructure (CII) regarding compliance with codes of practice and standards of performance?

They must comply unless waived by the Commissioner.

What happens if the Commissioner fails to publish a notice regarding changes in a code of practice or standard of performance?

The code or standard does not take effect.

What must the owner of a CII establish as part of their duty to report cybersecurity incidents?

Mechanisms for detecting cybersecurity threats.

How often must an audit of compliance with the CYSA be conducted by the owner of a CII?

At least once every 2 years.

What is the consequence of failing to comply with the regulations set forth for CIIs?

It is considered an offence.

What may the directions issued by the Commissioner include for CII owners?

Actions for response to cybersecurity threats.

What is the minimum frequency for conducting a cybersecurity risk assessment by CII owners?

At least once every year.

What does a code of practice or standard of performance NOT possess?

Legislative effect.

Who has the authority to appoint auditors for cybersecurity compliance audits?

The Commissioner.

What type of incidents must CII owners report to the Commissioner?

Incidents specifically prescribed or directed.

Study Notes

Singapore Health Services Data Breach

  • Massive Data Breach: The breach affected nearly 1.5 million patients, exposing their personal data and the prescription records of nearly 160,000 patients.
  • Subsidiaries of MOH Holdings: Singapore Health Services (SingHealth) and Integrated Health Information Systems (IHiS) are wholly-owned subsidiaries of MOH Holdings Pte Ltd, a company that holds the Singapore government's healthcare institutions.
  • Initial Access (August 2017): Attackers gained initial access to the SCM network by infecting a workstation, likely through email phishing.
  • Remote Access & Control (Dec 2017 - May 2018): Attackers used customized malware to gain remote access to workstations and two user accounts (local admin and service).
  • Citrix Server Access (May-June 2018): From compromised workstations, attackers accessed Citrix servers at the SGH (but couldn't access the SCM database).
  • Login Attempts & Credential Theft (June 2018): There were multiple failed login attempts using invalid credentials. Attackers obtained SCM database login credentials from the H-Cloud Citrix server through a vulnerability.
  • Data Exfiltration (June-July 2018): Hackers exfiltrated data through compromised workstations to external C2 (Command and Control) servers.
  • Initial Detection (June 2018): An IHiS database administrator discovered failed login attempts to the SCM database.
  • Investigation and Reporting (June 2018): Staff initiated an investigation involving the Security Incident Response Manager (SIRM), the SingHealth CISO and members of the SMD. A meeting was held to discuss the failed logins.
  • Remediation Efforts (July 2018): An IHiS Assistant Lead Analyst noticed unusual queries and developed an automated script to terminate them, log the queries and alert teams. Access to the SCM database from external sources (SGH Citrix Server) was blocked.
  • Senior Management Escalation (July 2018): SingHealth and IHiS senior management were alerted to the attack much later in the evening of July 9, 2018.
  • Containment Measures (July 2018): Collaboration ensued with the Cyber Security Agency of Singapore to isolate the threat, reset accounts, adjust the firewall, and monitor administrators.
  • Security Shortcomings: Issues included weak passwords, dormant accounts, delayed decommissioning of systems, and inherent vulnerabilities in the SCM client application.

Cybersecurity Issues & Regulations

  • Critical Information Infrastructure (CII): Singapore's Cybersecurity Act (CSA) designates and regulates computer systems providing essential services (like healthcare) as critical.
  • Commissioner's Powers: The Commissioner can investigate cybersecurity incidents, issue directions for improving systems, set codes of practice for cybersecurity, and obtain information about systems.
  • Penalty (Fine/Imprisonment): Failure to comply with the CSA can result in fines up to $50,000 or up to 2 years in prison.
  • Codes of Practice: The Cybersecurity Code of Practice focuses on preventative measures and incident response for various organizations.
  • Cybersecurity Audits & Risk Assessments: Organisations must comply with cybersecurity audits and risk assessment procedures every two years.
  • Notification of Data Breaches: A notifiable data breach is considered a breach with significant harm to an individual, or of a large scale, which needs reporting to the Personal Data Protection Commission (PDPC).
  • Notification to Affected Individuals: Organisations need to inform affected individuals of breaches potentially causing significant harm within 3 days.

Description

This quiz examines the significant data breach affecting Singapore Health Services, revealing how nearly 1.5 million patients were impacted. It explores the breach's timeline, methods of unauthorized access, and the implications for personal data security. Test your knowledge on this critical incident in healthcare data management.