Home > News and Advocacy > Our Presence > Past Events > Year 2017 Events > Learn At Lunch: New Cybersecurity Bill - Role of IA

Learn At Lunch: New Cybersecurity Bill - Role of IA

On 14 September 2017, IIA Singapore organised a “Learn at Lunch” talk with a focus on the “New Cybersecurity Bill - Role of Internal Audit”. Delivered by Mr Lim Thian Chin, Head of Critical Information Infrastructure (CII) Protection at the Cyber Security Agency of Singapore (CSA), the talk saw an attendance of close to 40 Internal Audit professionals. Mr John Lee, President of ISACA Singapore moderated the session during the Question & Answer segment. 

With cyberattacks getting increasingly frequent and sophisticated, the proposed Cybersecurity Bill will establish a framework for the oversight and maintenance of national cybersecurity in Singapore.

Mr Lim explained about the regulation of CII owners, which include networks such as the country's telecommunications backbone.  He also covered the duties and responsibilities of CII owners. The Bill will empower CSA officers to manage and respond to cybersecurity threats and incidents, through the sharing of cybersecurity information with CSA officers and designated agencies. It also licenses the provision of penetration testing and Security Operations Centre services which will provide greater assurance of safety and security to consumers of cyber security services.

“Internal audit leaders can be significant contributors to cybersecurity efforts. And a good start is to develop a cyber defender mindset. Beyond efforts to block cyberattacks and data breeches, it is imperative that they embrace the concept of cyber resiliency and a holistic view of how the organisation plans for and responds to a successful cyberattack. This way, the internal auditors help to keep watch over the operating environment and management culture, and assess the effectiveness of risk management so as to alert senior management on critical issues,” said Mr Lim. He further outlined this set of advice on the role of Internal Audit:

a)         Keep cybersecurity on the right agenda

b)         Develop collaborative relationships with Chief Information Officers (CIO) and Chief Information Security Officers (CISO)

c)         Shape a cyber defender mindset

d)         Do less for more - minimise audit fatigue

Reinforcing the critical role played by Internal Audit, Ms Debbie Goh, Senior Vice President of Group Internal Audit, Fraser and Neave said: “The insights on the role of Internal Audit were truly spot on. The war against these threats cannot be waged by the IT function alone. Internal Audit is a pivotal ally, and must join forces with IT, together with the board, management and front-line units. To build a truly robust cybersecurity strategy, there must be more cooperation between Internal Audit and IT executives. Heads of audit too, have to build relationships with the CIO and CISO to gain a clear understanding of what security and IT teams need.”

Clearly, cyber threats represent on-going risks which require continuous protection and safeguards. IIA Singapore will keep members updated through email broadcasts, talks, courses, conferences and e-publications, so be sure to keep in touch with IIA Singapore by visiting our website, www.iia.org.sg, regularly.



View here for more photos.