Cybersecurity Code-of-Practice (CCoP) 2.0: Complying with InsiderSecurity

Why choose InsiderSecurity for CCoP 2.0

InsiderSecurity products are built for compliance

  • Ease of use, especially useful for small IT teams
  • Automated review of account activity saves hours in monitoring
  • Built-in workflow that support governance and audits

Do you also know:

  • InsiderSecurity is used and trusted by Singapore CII today
  • InsiderSecurity is IMDA accredited
  • InsiderSecurity is an award-winning Singaporean technology company that has its engineering and technical support teams in Singapore

What is Cybersecurity Code-of-Practice (CCoP) 2.0?

The Cybersecurity Code-of-Practice (CCoP) 2.0 refers to the Cybersecurity Code of Practice for Critical Information Infrastructure 2.0, which is an updated version of the CCOP 1.0 released in 2018. The CCoP 2.0 published on 4 July 2022. It specifies the minimum cybersecurity requirements that organizations operating Critical Information Infrastructure (CII) must implement to ensure the security and resilience of their IT or OT system and/or network infrastructure, including physical devices and systems, software platforms, and applications of the CII.

The primary objective of CCoP 2.0 is to enhance the defensive capabilities of organisations against the sophisticated tactics, techniques, and procedures (TTPs) employed by cyber attackers. It seeks to impede their progress of attacks and improve the agility to tackle emerging risks in domains such as cloud, AI, and 5G. Additionally, it facilitates coordinated defenses between the government and private sectors to promptly identify, discover, and respond to cybersecurity attacks and threats.

Whom will CCoP 2.0 affect?

The designated CII sectors, which are responsible for the continuous delivery of essential services in Singapore, are Government, Energy, Water, Healthcare, Banking & Finance, Transport (encompassing Land, Maritime, and Aviation), Media, Infocomm, and Security & Emergency Services.

How does InsiderSecurity meet CCOP 2.0?

InsiderSecurity helps to meet key CCoP 2.0 requirements that are challenging and tedious to comply with. As a leader in automated analytics, InsiderSecurity’s solutions are especially useful for smaller IT teams. InsiderSecurity solutions are used in Singapore CII today. 

InsiderSecurity meets CCOP2.0 in the below two areas: 

  • Database security
    InsiderSecurity’s simplified database monitoring flags out data access anomalies. InsiderSecurity saves manpower in monitoring.
  • Monitor for anomalies in user behaviour patterns
    InsiderSecurity’s automated log analysis flags out anomalies in behaviour patterns and detects early signs of breach. With InsiderSecurity, the user does not have to manually review high volume log events or alerts. InsiderSecurity makes sense of the logs and saves manpower in monitoring.

Which CCOP2.0 requirements are addressed by InsiderSecurity?

CCoP 2.0 Requirements Clause InsiderSecurity
5.2 Account Management 5.2.1(d) Establish mechanisms and processes to monitor the activities of each account, including behavioural patterns, for any anomalies and to trigger an alert for investigation when any anomaly is detected; Yes
5.13 Database Security 5.13.4 The CIIO shall monitor databases in a CII for anomalous activities and trigger an alert for investigation when any anomaly is detected. Yes
5.13.5 The CIIO shall monitor for bulk queries that exceed a predetermined threshold of data to be retrieved and trigger an alert for investigation when any such bulk query is detected. Yes
6.1 Logging 6.1.1 The CIIO shall generate, collect and store logs of the following: Yes
(a) All access and attempts to access the CII and the activities during such access, including application and database activities, and access to data in the CII; Yes
6.2 Monitoring and Detection 6.2.1 The CIIO shall establish and implement mechanisms and processes for the purposes of: Yes
(a) Monitoring and detecting all cybersecurity events in respect of the CII; Yes
(b) Collecting and storing records of all such cybersecurity events (including, where available, logs relating to the cybersecurity event); Yes
(c) Analysing all such cybersecurity events, including correlating between cybersecurity events, and determining whether there is or has been any cybersecurity incident; and Yes
6.2.2 For the purposes of monitoring and detecting cybersecurity events, the mechanisms and processes established by the CIIO shall include: Yes
(b) Establishing the normal day-to-day operational activities and network traffic in the CII, and using this as a baseline against which the CIIO is to monitor for deviations and anomalous activities; and Yes
(c) Ensuring that alerts for further investigation are triggered for all deviations and anomalous activities that are detected. Yes

CSA has also provided more clarification via their Responses to Feedback Received dated July 2022. The below compliance table outlines how InsiderSecurity meets the CSA responses on CCoP 2.0:

CSA responses on CCoP 2.0InsiderSecurity
11.4 The CIIO is expected to monitor the behavioural patterns of user accounts within the CII environment and to trigger an alert if a CIIO detects suspicious behaviour patterns or behaviour patterns that deviate from the expected baseline.Yes
11.12 The intent of the clause is to facilitate early detection of any unauthorised access and malicious activities performed by the privileged accounts. The CIIO should log privileged account related activities such as login attempts, configuration changes etc.Yes
11.41. The CIIO should log and monitor all application access and activities to detect any unauthorised access or malicious activities to the application. Following the feedback, CSA has revised the clause to provide clarity.Yes
12.15. Examples of the components of the threat hunting include having data to baseline normal traffic to find outliners, develop hypothesis based on tools and framework, and investigate and analyse potential threats to discover any new malicious patterns in the data and uncover threat actor’s TTPs.Yes

What are the InsiderSecurity products that meet CCOP2.0?

InsiderSecurity’s Database Activity Monitor (DAM) discovers data access anomalies early before there is serious data loss. Some of its key features are:

  • Easy Deployment and Reduce Operation Cost
    By leveraging on machine learning and AI, Database Activity Monitor does not require the user to configure complex, error-prone database rules. Database Activity Monitor works practically out-of-the-box.
  • Automated monitoring for suspicious data activity
    Automatically detect suspicious database administrator activities, data theft and unusual network activities in the databases.
  • Save manpower
    With smart algorithms making sense of events 24/7, customers only need to review high-risk accounts and activities instead of long, complex reports.
  • Built for compliance
    Features for IT governance and support for audit.

InsiderSecurity’s Automated UEBA flags out anomalies in behaviour patterns and detects early signs of breach. Some of its key features are:

  • Stop Internal Threats
    Continuous, automated monitoring of all user behaviours to uncover suspicious user activities early, before there is any serious data loss
  • Automated Threat Detection
    Detect automatically and save on manpower.
  • Advanced Sensors
    Provide visibility needed to catch Advanced Persistent Threats (APTs)
  • Built for compliance
    Features for IT governance and support for audit.

About InsiderSecurity

InsiderSecurity is a Singapore-based cybersecurity technology company that has garnered industry recognition and awards. Founded by a team of cybersecurity experts, InsiderSecurity provides cutting-edge user behavior analytics to detect internal cyber threats early.

InsiderSecurity is a two-time winner on CSA Cybersecurity Innovation Day, in 2020 and 2022, and has also been listed in the ASEAN 40 under 40 for its groundbreaking cybersecurity innovations. InsiderSecurity is the only company accredited by Singapore Government in the area of User and Entity Behavior Analytics. This means that InsiderSecurity met IMDA’s high standards for deployment in enterprises and government agencies.

InsiderSecurity solutions are used by large enterprises and government agencies today.

Complying CCoP2.0 with InsiderSecurity

For more information on how InsiderSecurity can help you meet your compliance and security needs

Contact Now