Cyber Safe
Certification Scheme
Attain a mark of distinction
for your organisation’s robust cyber security posture
The ISO 27001:2013 information security standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a documented ISMS to manage information security efficiently and effectively.
Cyber Safe Certification Scheme
The Cyber Safe Certification Scheme is an initiative launched by Cyber Security Agency (CSA), which recognises organisations that have adopted and implemented good cyber security practices.
Revolving around People, Processes and Technology, the scheme takes on the risk-based approach with the aim to help identify and guide organisations to put in place adequate cyber security measures to protect and defend systems and operations against cyber-attacks.
In consideration of the diverse organisational profiles and operational needs that businesses have in Singapore, the scheme comprises two cybersecurity marks:
Catered for Small and Medium Enterprises (SMEs)
Enable organisations to prioritise cybersecurity which focuses on five aspect of Cyber Hygiene:
Assets, Secure/Protect, Update, Backup, Respond.
Catered for larger or more digitalised organisations
Based off a risk-based approach, enabling organisation to adopt cybersecurity practices that commensurate with their cybersecurity risk profile according to the Fice Cybersecurity preparedness tier
With proliferating supply chain cyber-attacks in the digital space, it is essential that organisations can ensure and demonstrate the robustness of their cyber security posture, which provides business assurances to their partners and customers. Thus, certifications like these can serve as proof to indicate the organisation’s commitment to ensuring the business remains cyber-secure.
A Mark Of Distinction For Organisations With Good Cyber Hygiene Practices To Secure Their Operations And Systems From Common Cyber-Attacks.
It is catered for Small and Medium Enterprises (SMEs) – which often have limited IT and/or cybersecurity expertise and resources.
The Cyber Essentials Mark takes on a baseline control approach for protection against common cyber attacks that focuses on five aspects of Cyber Hygiene which include:
Assets
Secure/Protect
Update
Backup
Respond
The certification is valid for two years. The assessment mode is a desktop assessment by an independent assessor.
Cyber Essentials — CISO As A Service (CISOaaS)
In the form of a Chief Information Security Officer (CISO) as a Service, this consultancy service is catered for SMEs to implement cyber hygiene measures defined as prevailing requirements and/or recommendations in the Cyber Essentials Certification Mark.
Privasec is a CSA-approved CISOaaS provider, where we offer comprehensive CISO as a Service to assist SMEs who may need in-house cybersecurity resources. From the development of a cybersecurity health plan tailored to the organisation’s needs, which ensures proper documentation and effective security awareness training for employees, organisations can work towards attaining the CSA Cyber Essential Mark.
With tiered services at a subsidised rate (eligible SMEs are offered up to 70% co-funding support), SMEs can adopt the package that aligns best with their budget and requirements.
A Mark Of Distinction For Organisations With Comprehensive Cybersecurity Measures And Practices Commensurable With Their Risk Profile.
It is catered for larger or more digitalised organisations, where these organisations would need to go beyond cyber hygiene.
With extensive IT infrastructures, the organisation may have higher risk levels. Thus, investments in cyber security expertise and resources to manage and secure its IT infrastructure are paramount
The Cyber Trust Mark takes on a risk-based approach, which aims to enable organisations to adopt and implement relevant cybersecurity practices that commensurate with their cybersecurity risk profile.
The certification is valid for three years, with annual surveillance required. The assessment is based on the organisation’s documentation and the implementation and effectiveness of their cyber security practices, by an independent assessor.
There are five Cybersecurity Preparedness tiers, with 10-22 domains under each tier.
- Non-prescriptive – Organisations would need to identify the Cybersecurity Preparedness tier based on its needs and risk profile.
(Depending on the organisation, some of the controls within the domains may not be applicable to the organisation)
[Adapted from CSA]
Click Here to download infographics
Benefits of Certification
Risk-Based Approach
Marketable
Security Credentials
Marks of distinction recognised by the Singapore Agency for organisations with good cyber hygiene/ comprehensive cyber security measures in place to protect and secure operations and systems against cyber attacks.
Provide Maturity and Security Assurance to your stakeholders.
Advancement to International Standards (ISO 27001)
Up to 65% of the controls in CSA Trustmark can be mapped to ISO/IEC 27001’s.
Depending on the organisation’s readiness level, integrated options to certify with the ISO 27001 standard are available.
How can Privasec Help?
Your organisation’s security risk profile is as much an integral facet of your business as the traditional core components. Maintaining and improving your digital security is vital in protecting your business continuity.
Tailored Approach for Lean Compliance profile
Depending on your organisation’s needs and risk profile, we can help identify the security requirements set up in the Trust Mark.
Based on your business objectives and resources, we can assist you in maintaining a lean compliance profile and expand upon it as your business grows.
Expertise in Governance, Risk and Compliance (GRC)
Our GRC experts will assist your organisation in identifying the optimal set of critical gaps to address, which can uplift your organisations’ security posture effectively in the shortest amount of time.
Detailed Guidance and Implementation
Professional guidance and assistance will be provided to evaluate your organisation’s risk inventory and security controls.
A roadmap with clearly defined security milestones to address critical gaps and longer-term solutions will be established.
Business Case Presentation
Taking on the business perspectives, we can help address queries from your stakeholders to demonstrate and explain the security investments.
Our Credentials
Related Posts:
Want to be Cyber Safe Certified?
Get on your way to attain your Cyber Safe Certification today!
Contact us to get a detailed understanding of the Certification.