Cyber Security Code Of Practice (CCOP)
Compliance Audit

What is Critical Information Infrastructure (CII)?

Critical Information Infrastructure is a computer or a computer system located wholly or partly in Singapore, necessary for the continuous delivery of an essential service, and the loss or compromise of the computer or computer system will have a debilitating effect on the availability of the essential service in Singapore.

The Cyber Security Agency of Singapore (CSA) has worked closely with Sector Leads to identify the Critical Information Infrastructure (CII) supporting the provision of essential services across 11 critical sectors.

The critical sectors are Energy, Water, Banking & Finance, Healthcare, Transport (which includes Land, Maritime, and Aviation), Government, Infocomm, Media, and Security & Emergency Services.

WHAT IS CCOP COMPLIANCE AUDIT?

As CII operators experience rapid changes in technology, new regulatory requirements and an evolving threat landscape, it is difficult for them to safeguard their critical information infrastructure.

The CSA document seeks to level up new cybersecurity capabilities in the CII sectors because the cyber threat landscape has evolved, with threat actors using sophisticated tactics, techniques, and procedures (TTPs) to attack CII sectors. Each CII sector faces cybersecurity risks that are specific to its digital terrain, and cyber-attacks have increased in scale and sophistication to a point where they could present systemic risks to Singapore.

The Singapore Cybersecurity Bill, passed into law on 5th February 2018, provides a framework for the regulation of CII and formalises the duties of CII owners in ensuring the cyber security resilience of their respective CIIs.

A Cyber Security Code of Practice (CCoP) compliance audit can help CII owners to meet the requirements and achieve compliance.

CCoP aims to improve the odds of defenders against hackers’ sophisticated TTPs and impede the progress of their attacks. It also enhances agility in addressing emerging risks across domains such as cloud, 5G, and AI. It enables coordinated defenses between government and private sectors to identify, discover, and respond to cybersecurity threats and attacks on a timely basis.

The CCoP 2.0 document also addresses governance requirements, which involve establishing and maintaining frameworks to ensure the cybersecurity strategies of the CIIO are aligned with their business objectives. It guides the CIIO in evaluating, defining, and directing efforts to manage cybersecurity risks, and it covers identifying the resources and assets that support the CIIO’s critical business functions. Finally, it enables the CIIO to prioritize its efforts in protecting its assets.

WHO NEEDS CCOP COMPLIANCE AUDIT?

CCoP Compliance Audit is relevant for owners of Critical Infrastructure. Each CII sector faces cybersecurity risks that are specific to their digital terrain, and cyber-attacks have increased in scale and sophistication to a point where they could present systemic risks to Singapore.

GICG IS A TRUSTED REGULATORY AUDIT PROVIDER

GICG is one of the leading and internationally recognised Testing, Inspection and Certification (TIC) organisations, with close to 30 years of experience in risk management, certification and training for Information Security and Data Protection management systems. GICG conducts risk assessments and gap analyses that align and comply with legal and regulatory requirements to mitigate your financial risk and reputational risk.
