JARGON WATCH

Tech Jargon

Tracking pixel: A tiny graphic containing a code or script that tracks certain website metrics, such as number of visitors or number of clicks. An example is the tiny smiley face on sites hosted on WordPress, which collects statistics such as the number of visits the site gets and where the visitors are coming from. Every time someone loads a site with a tracking pixel, the visitor downloads the tracking pixel too and that "pings" or sends a message to the site's server. A tracking pixel is so-named because it is usually 1 pixel by 1 pixel in dimension.

Public Service Jargon

Reverse auction: Service providers place bids on open projects by continually proposing lower fees for which they are willing to perform their services. The lowest bidder at the end of the auction window wins the job. The Singapore Government Digital Services is running a reverse auction platform, govBuy, as a trial for small open-source development projects. The purpose is to test the viability of circumventing an often time-consuming vendor-tendering process, and streamline service delivery for lower-value projects (capped at $5,000).

ASK A PRO

The work of a Chief Information Security Officer

Mr Tan Yong Seng is a Chief Information Security Officer (CISO) in the Prime Minister's Office. He tells Challenge what a CISO (say “see-so”) does and why everyone has a part to play in IT security.

Q: What does a CISO do? How is a CISO’s work different from that of a Chief Information Officer?

A: A Chief Information Security Officer (CISO) is responsible for establishing and maintaining the enterprise’s vision, strategy and programme for ensuring its information assets and technologies are adequately protected.

The CISO’s ultimate role is to ensure that an organisation's security function adds value and competitive advantage to the group. A major part of the role entails helping to forge strong relationships between departments. Preventing, detecting and responding to Information Technology (IT) security threats while meeting compliance requirements are well-established duties of the CISO and IT security team.

On the other hand, the Chief Information Officer (CIO) is in charge of IT strategy and systems that support business objectives and goals.

In short, the CIO is responsible for the business and operations side of IT. A CISO's role, on the other hand, is to reduce IT risk and work towards a culture of shared risk responsibilities across the organisation.

Q: How does the CISO work with the CIO and the rest of the IT team?

A: The CIO and CISO work together to keep the organisation connected, productive and secure. When the two disagree on a decision, the solution is usually somewhere in between. This provides an avenue for healthy discussion on the different options to adopt and ultimately creates value for the organisation.

The worst decision an organisation can make is to hire a CISO after a major security breach. For example, Target, the US discount store retailer, only brought on board their very first CISO several months after their 2013 data breach.

Q: What are the most common ways information security is put at risk?

A: Most security incidents are attributed to human error. Bad guys are increasingly relying on phishing emails to bypass an organisation’s layered security defences. Phishing is a low-cost but highly effective way to gain access into an otherwise well-protected environment. Social media such as Facebook also provide a rich source of information to identify and target employees with carefully crafted emails.

Q: What are some ways organisations can emphasise and ensure that staff maintain information security?

A: Security is everyone’s responsibility and organisations need to understand that IT security is a business, and not solely IT, issue.

As an employee, read and understand your organisation’s Acceptable Use Policy. Maintain security awareness by keeping a lookout for regular security tips by your IT security folks. Any user who becomes aware of a security incident (suspected or confirmed) should report the occurrence immediately to minimise any impact to the organisation.

Remember, the good guys need to identify and close every single gap as fast as they can, but the bad guys only need to find one to get in.

Got a question or topic you want answered by a pro? Send your suggestions to psd_challenge@psd.gov.sg

GET WIRED

The most effective ways to protect information security:

• Use unique, strong passwords for different accounts. This minimises the impact should one of the accounts be compromised.
• Have separate accounts for personal and official activities.
• Never give your login or personal details when responding to unsolicited emails or phone calls.

Habits and behaviours to avoid online:

• Do not use your mother’s maiden name or your date of birth for passwords. These can easily be harvested from social media channels that are not kept private.
• Do not use your official email accounts for personal activities. You could end up on a spam mailing list, or be seen as officially endorsing a business or activity.
• Do not forget to verify the authenticity of the sender before sharing information or opening an attachment from unsolicited emails. This is one of the most common ways for bad guys to steal or destroy your information, or take control of your computer.