The Public Peport of the Committee of Inquiry into the Cyber Attack on Singapore. Health Services Pte Lid's Patient Database in 2018 is a shining example of control failure. Superficially, Singapore Health Services' governance of information security had the appearance of being organised. However, at a granular level, it contained a number of significant flaws which prevented the organisation from achieving its mission, namely to protect the patient database. containing what, in Malaysia, would be regarded as " sensitive personal data". It is tempting to think of privacy and cyber-security primarily as a technical challenge, but the actions of people also play a critical part in the success or failure of an enterprise. People fulfil important functions at every stage of system design, implementation, operation, use, and oversight. Confining your analysis to CIS Control 17 (nes.com.clsecurity or controls/) and using that control as your context, identify the deficiencies in Singapore Health Services' secunty awareness and training, and explain what contribution those deficiencies and the people responsible for them had on the success of the cyber attack 2. Using CIS Control 17 (and the additional materials referenced in the discussion of that control in the CIS Controls (SANS is particularly useful), draft a security awareness programme targeted at the specific deficiencies you have identified in response to part 1, using annotated cross-references to pas yraphs in the report of the Committee of Inquiry, identifying each specific deficiency being targeted. 1. The Public Peport of the Committee of Inquiry into the Cyber Attack on Singapore. Health Services Pte Lid's Patient Database in 2018 is a shining example of control failure. Superficially, Singapore Health Services' governance of information security had the appearance of being organised. However, at a granular level, it contained a number of significant flaws which prevented the organisation from achieving its mission, namely to protect the patient database. containing what, in Malaysia, would be regarded as " sensitive personal data". It is tempting to think of privacy and cyber-security primarily as a technical challenge, but the actions of people also play a critical part in the success or failure of an enterprise. People fulfil important functions at every stage of system design, implementation, operation, use, and oversight. Confining your analysis to CIS Control 17 (nes.com.clsecurity or controls/) and using that control as your context, identify the deficiencies in Singapore Health Services' secunty awareness and training, and explain what contribution those deficiencies and the people responsible for them had on the success of the cyber attack 2. Using CIS Control 17 (and the additional materials referenced in the discussion of that control in the CIS Controls (SANS is particularly useful), draft a security awareness programme targeted at the specific deficiencies you have identified in response to part 1, using annotated cross-references to pas yraphs in the report of the Committee of Inquiry, identifying each specific deficiency being targeted. 1