Geographic

Privacy Protection Principles, compare ISO29100, with Singapore and Hong Kong legislations

ISO 29100:2011 Privacy Framework is now a public available document and it offers a comprehensive framework. Hong Kong and Singapore Gov both enacted privacy regulations, I compare both regions’ privacy protection requirements with ISO29100. Below is a summary table. Will write more on each comparison later. ISO 29001:2011 Eleven Privacy Principles  Singapore Nine Data Privacy …

Privacy Protection Principles, compare ISO29100, with Singapore and Hong Kong legislations Read More »

Microsoft tries to address PKI issues in IE11 (SmartScreen and SNDS)

Digital certificate is widely used and the Internet cannot work without it. However, PKI (the framework digital certificates based on) has lots of issues. Last year in ISO SC27 meeting at ENISA there was a special meeting on PKI. Many issues are only raised without a conclusion, same as most issues brought international meetings. How …

Microsoft tries to address PKI issues in IE11 (SmartScreen and SNDS) Read More »

Cloud Computing in Singapore Financial Industry

Cloud Computing industry is well developed in Singapore, so it is not a big surprise seeing MAS TRM guideline has a section only on Cloud Computing. Reading the document as whole, it seems MAS is accepting the fact that cloud computing is or will be part of financial industry development. Section 5.2 Cloud Computing is …

Cloud Computing in Singapore Financial Industry Read More »

VCPs technical analysis on the MAS Technology Risk Management guidelines.

Since Singapore MAS released the TRM guideline last month, I believe many people are studying them (including me). Big Four accounting firms are usually most active in publishing explanatory reports and article with a purpose to generate more business leads. However, a group of Vmware certified professionals are taking the lead this time. They worked …

VCPs technical analysis on the MAS Technology Risk Management guidelines. Read More »

Singapore MAS Tech Risk Guideline (TRM) – Incident Reporting-SLA

Last post discussed the complication when running multiple bank applications on the same computing platform and need to decided when to report “a relevant incident” within one hour upon discovery. This part will discuss on how this requirement going to affect Services Level Agreements in Singapore banking IT operations. Before this MAS notice come into …

Singapore MAS Tech Risk Guideline (TRM) – Incident Reporting-SLA Read More »

Singapore MAS Tech Risk Guideline (TRM) – Incident Reporting

When attending a PWC Singapore meeting on new MAS guideline, there are many questions in my head regarding how the 1 hour incident reporting requirement could be fulfilled. The requirement requires banks operating in Singapore to report to MAS within one hour when relevant incident ( security breaches and malfunction) is discovered. There are a …

Singapore MAS Tech Risk Guideline (TRM) – Incident Reporting Read More »