Cyber Hygiene: The Regulators Steps In – MAS 655


Security Patching can be a real burden if there are no procedures set in place and many businesses can’t afford the downtime, so they just accept the risks. Reasons could be limited resources, legacy systems could be overlooked during patching, or worse, some systems are so old they cannot be patched.  A lot of manual efforts hamper this process.

Most environments are quite wide: different systems, different platforms, different environments, anywhere in the world. Some are newer. Some are older. Some of them were manual. Some of them were automated. The key factor here is speeding things up to quickly detect and fix any vulnerability in the infrastructure.

Safety and soundness is hugely dependent on the open vulnerabilities that can be exploited by the adversary. Media is hot with news on large scale breaches due to poor cyber hygiene. MAS has issued a mandatory notice 6ff that applies to all banks – below are the details of the notice.

Singapore, August 6, 2019:  MAS Notice 655 Cyber Hygiene

MAS issued a notice that applies to all banks in Singapore. It sets out cybersecurity requirements on securing administrative accounts, applying security patching, establishing baseline security standards, deploying network security devices, implementing anti-malware measures and strengthening user authentication. The noticed and the related details are available at MAS website and referenced below:

Notice 655 Cyber Hygiene  (56 KB)


Wouldn’t it be nice to have technology that learns and heals by itself? Instead of humans having to identify, chase and patch is it possible to build an automated system that takes care of the security patching overheads.

Listen to this success story of how a large bank in Canada was able to transform its security patching cadence.

Give confidence to your management by having an Intuitive dashboard and automation. Below is a screenshot from the BMC Truesight Vulnerability Management

TrueSight Vulnerability Management helps security and IT prioritize and remediate risks based on potential impact to the business.

Want to see one in action?