Supplementary references will be introduced periodically to help owners of Critical Information Infrastructure (CII) proactively secure and build resilience into their systems. These references serve as additional resources for CII owners when complying with Code of Practices issued by the Commissioner of Cybersecurity. The list of supplementary references can be found below:
1. Security-by-Design Framework
The Security-by-Design Framework [PDF, 2 MB] was developed to guide CII owners through the process of incorporating security into their Systems Development Lifecycle process. Security-by-Design is an approach which addresses the cyber protection considerations throughout a system’s lifecycle and it is one of the key components of the Cybersecurity Code of Practice for Critical Information Infrastructure.
2. Security-by-Design Framework Checklist
The Security-by-Design Framework Checklist [PDF, 753kb] is a step-by-step supplementary worksheet to the Security-by-Design Framework. It acts as a quick reference guide for cybersecurity practitioners to adopt the Security-by-Design Framework.
3. Guide to Conducting Cybersecurity Risk Assessment for CII
The Guide to Conducting Cybersecurity Risk Assessment for CII [PDF, 856kb] was developed to provide guidance to CII Owners on how to perform a proper cybersecurity risk assessment. This guidance document also spells out the expectations that CII Owners are required to note when conducting their risk assessment under the Cybersecurity Act 2018.
For more information, you can refer to our FAQs on Cybersecurity Risk Assessment for CII.
4. Guidelines for Auditing Critical Information Infrastructure
The Guidelines for Auditing Critical Information Infrastructure [PDF, 763kb] was developed to set out the expectations for cybersecurity audits and to provide guidance to appointed or approved auditors on key areas to take note of when conducting an audit of the CII under the Cybersecurity Act 2018.
For more information, you can refer to our FAQs on Cybersecurity Audit for CII.
5. Guide to Cyber Threat Modelling
The Guide to Cyber Threat Modelling [PDF, 1.3 MB] was developed to supplement the Guide to Conducting Cybersecurity Risk Assessment for CII by providing a practical and systematic way for CII Owners to identify threats for cybersecurity risk assessment. This guide covers various approaches and methods of threat modelling for CII owners to identify relevant threat events.