An effective strategy for cybersecurity needs to be built on 3 key pillars – “people”, “process” and “technology”. Smaller or less digitalised organisations, such as Small and Medium Enterprises (SMEs), may have limited IT and/or cybersecurity expertise and resources, and may find it challenging to implement even baseline cyber hygiene in-house. Organisations that prefer to tap on third-party providers to support their cybersecurity implementation may consider the following programmes:
Eligible organisations can receive funding support when they procure pre-approved solutions under SMEs Go Digital and/or develop a cybersecurity health plan with providers onboarded by CSA. Holistically, these initiatives help organisations to overcome key challenges encountered when implementing cybersecurity, such as lack of manpower/resources and lack of budget.
i. What you can expect
If you are just getting started in your cybersecurity journey, the cybersecurity consultants (that have been onboarded by CSA) will take on the role of your “Chief Information Security Officers” (CISO). Such CISO as-a-Service (CISOaaS) providers will
If you have already implemented good cyber hygiene, or have already achieved CSA’s Cyber Essentials mark, you are ready to progress towards adopting a risk-based approach to cybersecurity with CSA’s Cyber Trust mark.
ii. Funding support for eligible SMEs
Eligible SMEs can enjoy up to 70% co-funding support when they sign up with the CISOaaS cybersecurity consultants onboarded by CSA.
iii. Apply to develop Cybersecurity Health Plan with a CISOaaS Consultant
To sign up for CISOaaS (Cyber Essentials) service with funding support, eligible SMEs may identify their choice of CISOaaS consultant and/or package and sign up at IMDA’s CTOaaS portal here.
Organisations that are not eligible for funding support but wish to sign up for CISOaaS (Cyber Essentials) service may approach their choice of CISOaaS consultant directly. Please refer to this online listing:
* Please note that CSA does not endorse or recommend any particular organisation, individual, product, process, or service that is linked to the SG Cyber Safe programme, nor can CSA assure the quality of the work of any organisation or individual linked to the SG Cyber Safe programme.
iv. Funding support for other organisations
Organisations that are members of the National Council of Social Service (NCSS) should refer to NCSS’s Tech-and-GO! consultancy programme.
v. Other benefits of signing up for CISOaaS providers
Organisations that have successfully completed developing their cybersecurity health plans with their CISOaaS consultants and have appointed a certification body for Cyber Essentials and/or Cyber Trust certification are eligible to be offered scholarships for the Google Cybersecurity Certificate. Please approach your CISOaaS consultant or your appointed certification body for more information.
i. What you can expect
DSaaS (HIB) is intended for organisations in the healthcare sector that are subject to HIB, and this is an add-on to the CISOaaS (Cyber Essentials) service. Collectively, the CISOaaS (Cyber Essentials) and DSaaS (HIB) services help organisations in the healthcare sector to address the “Cyber & Data Security Guidelines for Healthcare Providers” published by the Ministry of Health (MOH).
ii. Funding support
Funding support is currently not available for the DSaaS (HIB) add-on service, but eligible SMEs can enjoy up to 70% co-funding support when they sign up for CISOaaS (Cyber Essentials).
iii. Apply for DSaaS (HIB) as an add-on to CISOaaS (Cyber Essentials)
To sign up for CISOaaS (Cyber Essentials) service with funding support, with DSaaS (HIB) as an add-on service, eligible SMEs may identify their choice of CISOaaS consultant and/or package and sign up; see (b)(iii) above.
Organisations that are not eligible for funding support but wish to sign up for CISOaaS (Cyber Essentials) with DSaaS (HIB) as an add-on service may approach their choice of CISOaaS consultant directly; see (b)(iii) above.
i. What you can expect
DPOaaS is intended for Social Service Agencies (SSAs) under National Council of Social Service (NCSS):
Collectively, the CISOaaS (Cyber Essentials) and DPOaaS services help SSAs under NCSS to address the “Data Security Instructions” (DSI) published by MSF Data Governance Office.
ii. Funding support
To be updated.
iii. Apply for DPOaaS as an add-on to CISOaaS (Cyber Essentials)
Organisations that wish to sign up for CISOaaS (Cyber Essentials) with DPOaaS as an add-on service may approach their choice of CISOaaS consultant directly; see (b)(iii) above.
i. What you can expect
Vulnerability Assessment (VA) is a process of identifying, assessing and discovering security vulnerabilities in computer systems or networks. The systematic approach of identifying, quantifying, and ranking security vulnerabilities enables an organisation to select critical vulnerabilities to resolve based on its available resources and the risks posed.
Penetration Testing (PT) is an authorised and intentional attack on a system to identify vulnerabilities that could be exploited by threat actors. This allows organisations to determine exploitable vulnerabilities in their systems and address them.
Holistically, VA/PT service is intended to help organisations, including SSAs, identify exploitable vulnerabilities and prioritise the key vulnerabilities that need to be resolved.
ii. Funding support
To be updated.
iii. Apply for VA/PT service
Organisations that wish to engage VA/PT services may approach their choice of VA/PT provider directly. Please refer to this online listing:
• CSA Providers Listing – VA/PT Providers (Coming Soon!)
i. What you can expect
To complement CISOaaS (Cyber Essentials), which focuses on helping organisations to implement preventive measures for cybersecurity, i.e. pre-incident, organisations may potentially also need help post-incident. The IR service is intended to support organisations that have encountered cybersecurity incident(s).
ii. Funding support
Funding support is currently not available for IR service.
iii. Apply for IR service
Organisations that wish to engage IR services may approach their choice of IR provider directly. Please refer to this online listing:
• CSA Providers Listing – IR Providers (Coming Soon!)
Provide feedback about your cybersecurity provider: Feedback form
Sign up to be onboarded as a provider to provide CISOaaS in support of CSA Cyber Essentials and adjacent cybersecurity services: Application form