Cybersecurity Code of Practice For Critical Information Infrastructure
– Second Edition (CCoP2.0) of Singapore

The Cybersecurity Code of Practice For Critical Information Infrastructure – Second Edition (CCoP2.0) is intended to specify the minimum requirements that the critical information infrastructure owner (CIIO) shall implement to ensure the cybersecurity of the CII, due to the evolving cyber threat landscape with threat actors using sophisticated tactics, techniques, and procedures (TTPs) to attack CII sectors.

The CCoP 2.0 document addresses the key requirements for CII below.

• Governance
• Identification
• Protection
• Detection
• Response and Recovery
• Cyber Resiliency
• Cybersecurity Training and Awareness
• Operational Technology (OT) Security

Thales helps Critical Information Infrastructure (CII) to align the CCoP2.0 requirements with a focus on Protection Requirements through:

• Access Control
• Data Security & Cryptographic Key Management

Access Control

Thales Access Management and Authentication solutions provide both the security mechanisms and reporting capabilities organizations need to comply with CCOP2.0 requirements.

Data Security & Cryptographic Key Management

Protect: It is crucial to apply protective measures such as encryption or tokenization to sensitive data. To successfully secure sensitive data, the cryptographic keys themselves must be secured, managed and controlled by the organization.

• CipherTrust Database Protection provides high-performance and database encryption with granular access controls.
• CipherTrust Tokenization offers file-level encryption with access controls, application-layer encryption, database encryption, static data masking, vaultless tokenization with policy-based dynamic data masking, and vaulted tokenization to support a wide range of data protection use cases.
• CipherTrust Transparent Encryption (CTE) delivers data-at-rest encryption with centralized key management, privileged user access control and detailed data access audit logging.
• CipherTrust Data Protection Gateway (DPG) enables transparent data protection to any RESTful web service or microservice leveraging REST APIs.

Monitor: Enterprises need to monitor access to sensitive data to identify ongoing or recent attacks from malicious insiders, privileged users, and other cyber threats.

• CipherTrust Security Intelligence logs and reports streamline compliance reporting and speedup threat detection using leading Security Information and Event Management (SIEM) systems.

Control: CII Organizations require to control access to their data and centralize key management. Every data security regulation and mandate requires organizations to be able to monitor, detect, control, and report on authorized and unauthorized access to data and encryption keys.

• The CipherTrust Data Security Platform (CDSP) delivers robust enterprise key management via Enterprise Key Management solutions to manage and protect keys on behalf of a variety of applications.
• Thales Cipher Trust Cloud Key Manager (CCKM) centralizes encryption key management from multiple environments, presenting all supported clouds and even multiple cloud accounts in a single browser tab.