An Executive Summary: The Issue the Profile Addresses, Its Development as a Solution, Its Benefits, and Support The Issue: Domestic and international regulatory.

Slides:



Advertisements
Similar presentations
International Insurance Regulatory Issues
Advertisements

NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.
Regulation and Risk Management for Cross-Border Insurance Groups
U.S. General Services Administration Presentation to: Software and Supply Chain Assurance Forum Improving Cybersecurity through Acquisition December 17,
APEC Energy Section International Energy Branch Department of Industry, Tourism and Resources EGNRET 23, Christchurch NZ November 2003.
Field Operations Customs Trade Partnership Against Terrorism (C-TPAT) Overview & Update.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
BEIJING BRUSSELS CHICAGO DALLAS FRANKFURT GENEVA HONG KONG LONDON LOS ANGELES NEW YORK SAN FRANCISCO SHANGHAI SINGAPORE TOKYO WASHINGTON, D.C. The Role.
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
R&D incentives in South Africa: a sense check of policy implementation Presentation by Mohammed Jada to SCOF 27 August 2014.
1.  The views expressed are those of the speaker and do not necessarily reflect the views of the Federal Reserve Board of Governors, or the Federal Reserve.
Global Insurance Regulation and Systemic Risk: The North American Perspective International Insurance Society Madrid, Spain – June 2010 Jerry M. de St.
Safety Driven Performance Conference 2013 The future of managing asset-intensive businesses John Keefe APM/RBMI Technical Manager Asset Integrity Services.
Laboratory Biorisk Management Standard CWA 15793:2008
OWASP Intra- Governmental Affairs David Campbell Denver Chapter Puneet Mehta Delhi Chapter.
Jeju, 13 – 16 May 2013Standards for Shared ICT CYBERSECURITY-RELATED STANDARDS ACTIVITY IN THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION Eric Barnhart, Fellow.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
Input Paper Funding Mechanisms: Mapping of Latin American Programs and Financing Mechanisms supporting International Cooperation in ICT Research and Innovation,
The Human Factors Components of a Safety Management System: The US Perspective Dr. William B. Johnson Chief Scientific & Technical Advisor for Human Factors.
DIVISION OF TECHNOLOGY, INDUSTRY AND ECONOMICS / UNEP/ SETAC Life Cycle Initiative: Focus of the Life Cycle Inventory program by Guido.
Conformity Assessment and Accreditation Mike Peet Chief Executive Officer South African National Accreditation System.
CFP ® Certification: A Global Perspective Noel Maye, CEO Financial Planning Standards Board Ltd. 22 November 2006.
1 WFC 2015, Mexico Worldwide implementation of the PFMI Froukelien Wendt, Monetary and Capital Markets Department, IMF.
1 Our Open Standards Community Jerry Hubbard Executive Vice President, Business Development Petrotechnical Open Standards Consortium North America Region.
Federal Acquisition Service U.S. General Services Administration June 3, 2013 Joint Working Group on Improving Cybersecurity and Resilience through Acquisition.
1 | Copyright © 2015 HCL Corporation | BILLION USD | 110,000 PEOPLE | 31 COUNTRIES.
International Federation of Accountants April 28, 2009 Impact Assessment Process for IFAC Linda Lach and Alta Prinsloo.
Risk Management Standards and Guidelines
IMF Economic Indicators: Principal Global Indicators (PGI)
Cyber Risk Management Solutions Fall 2015 Thomas Compliance Associates, Inc
The World Bank Finance Forum International Experience on Integrated Supervision José de Luna Martínez June 20, 2002.
TEQSA The Tertiary Education Quality and Standards Agency.
Special Meeting on Procedures for Information Exchange November 7, 2007 Geneva Session 1 Anne Meininger United States USA WTO TBT Enquiry Point.
FINANCIAL CONGLOMERATES AND BANK STABILITY: THE CHILEAN CASE Enrique Marshall Superintendent of Banks and Financial Institutions, Chile Washington, D.C.
Global Financial Regulatory Framework Regulating International Capital Market Masters in Accountancy (MACC508)
FFIEC Cybersecurity Assessment Tool Maine Credit Union League September 23, 2015 Patrick Truett, Information Systems Officer National Credit Union Administration.
May 17, 2005 Slide 1 Presented by: Dan Bart, TIA and ANSI-HSSP Co-Chair May 17, 2005 Homeland Security Standards and the Role of the ANSI Homeland Security.
Presented By: Manish Gidwani 10 Kapil Israni 16
Ulatory Reform Presentation to the INTOSAI Committee on Knowledge Sharing and Knowledge Services Mexico City, Mexico September 7, 2016.
SUSTAINABLE INSURANCE:
JMFIP Financial Management Conference
Judy Graham, Program Officer
XIX INTOSAI Congress Mexico 2007 Theme I: Management, Accountability and Audit of Public Debt Discussion Paper.
Supervision of Insurance Market Conduct in Canada
Indicators Legislative and financial base support for civil society
HRM 498 ASSIST Master of Education in Teaching/hrm498assist.com
IAIS 23rd Annual Conference Major Projects Update Panel Presentation on Financial Stability and Technical Committee, Michael McRaith, Chair, FSTC Asunción,
The Cybersecurity Framework
Enterprise risk management
Training Course on Integrated Management System for Regulatory Body
Introduction to The Open Group
Ulatory Reform Presentation to the INTOSAI Committee on Knowledge Sharing and Knowledge Services Bali, Indonesia August 23-25,
NIST Cybersecurity Framework
Abstract Selected experiences
AAHRPP Accreditation Welcome to the University of Georgia’s presentation for accreditation of the human research protection program (HRPP). This presentation.
B-Hive Europe Open Innovation Platform Fabian Vandenreydt
Advanced Management Control and Sustainable Development
Introduction to the Workshop
Smart Grids activities in ETSI
Presented by: Dan Bart, TIA and ANSI-HSSP Co-Chair May 17, 2005
Cybersecurity ATD technical
Ulatory Reform Presentation to the INTOSAI Committee on Knowledge Sharing and Knowledge Services Bali, Indonesia August 23-25,
Group Meeting Ming Hong Tsai Date :
MAZARS’ CONSULTING PRACTICE Helping your Business Venture Further
American National Standards Institute
Panelists ASIS International – Dr. Marc Siegel, Security Management System Consultant, ASIS International Disaster Recovery Institute International (DRII)
University of Maryland Robert H. Smith School of Business
Enhancing Quality & Supporting IFAC Membership
Role of State Audit Bureau of Kuwait in promoting and audit of IT Security  
CYBER RISKS IN SECURITIES SERVICES
Presentation transcript:

An Executive Summary: The Issue the Profile Addresses, Its Development as a Solution, Its Benefits, and Support The Issue: Domestic and international regulatory agencies asking the same question in many different ways, stretching already scarce cybersecurity talent. The Profile as a Solution: The Profile, which is a common, standardized approach that can act as a baseline for examination and future cyber regulation - fill out once per exam cycle, report out many. Voluntary with Many Benefits, Including: Provides more consistent and efficient processing of examination material by both firms and regulators. Allows Regulators and Firms to focus on systemic risk and risk residual to firms. Establishes an Industry best practice beyond regulatory use. Supporting Associations:

The Profile as a Tool for Public/Private Collaboration Appendix: The Profile as a Tool for Public/Private Collaboration Globally U.S. Federal U.S. States Standards Bodies Financial Stability Board (FSB) harmonizing around key cyber terms and definitions, drawing from the Profile sources (NIST and ISO). Federal Reserve (FRB) mentioning the Profile’s use as an acceptable assessment methodology in upcoming First Day examination letters with plans to train examiners. SEC Office of Compliance Inspections and Examinations (OCIE) training its staff on Profile usage in Nov 2018. New York Department of Financial Services (NYDFS) modifying its final regulation in favor of an assessment based approach. National Association of Insurance Examiners (NAIC) exploring voluntary use of the Profile for exam purposes. International Standards Organisation (ISO) developing a standard on standards development, adopting the Profile development process. NIST and ISO drafting, with FSSCC, a joint white paper describing the complementary nature of each.

Supply Chain/ Dependency Management The Profile: A NIST Cybersecurity Framework Extension to Align with Financial Services Requirements and Supervisory Expectations NIST Cybersecurity Framework provides a globally accepted organizational structure and taxonomy for cybersecurity and cyber risk management The Profile extends the NIST Cybersecurity Framework to be more inclusive of financial services requirements and supervisory expectations The following countries are either exploring its use or promoting it through translation – Bermuda Brazil Canada Israel Italy Japan Malaysia Mexico Philippines Saudi Arabia Switzerland United Kingdom Uruguay Extended NIST to highlight 2 special categories of particular (& appropriate) regulatory focus: The following international governments and organizations have expressed positive interest in the Profile – Argentina Brazil China (Mainland and Hong Kong) Chile Colombia European Union International Standards Organisation Japan Organization of American States Singapore United Kingdom Governance Supply Chain/ Dependency Management

Three Year Plan: A Sustained Organization with Four Areas of Focus - Increase Firm implementations; - Agencies are calibrating support based on firm use. (1) Financial Institution Implementation (2) Examiner Education & Training (3) Integration of Global Cyber Regulatory Regimes (4) Tool Automation & Enhanced Functionality - Examiner training will lead to more in-field comfort; - Will work with leading agencies. - A freely downloadable Profile will continue to be provided; - To increase functionality and use, a more advanced tool will also be pursued. - Will integrate 3-4 international regulations per year; - Examples would include Operational Resilience frameworks.

Documented Agency Statements of Support Federal Reserve: “… we'll welcome any financial institution to provide information to us using the structure and taxonomy of the profile, we see that as a boon for harmonization.” FFIEC: “…These resources are actionable and help financial institutions manage cybersecurity risk regardless of whether they use the FFIEC Cybersecurity Assessment Tool, NIST Cybersecurity Framework, Financial Services Sector Specific Cybersecurity Profile, or any other methodology to assess their cybersecurity preparedness.” OCC: “If the industry moves to use this cybersecurity profile, that is what we will base our assessments on….” FDIC: “That was one of the things, at the FDIC, that we were most interested in is looking at the tiering.” NIST: “…[O]ne of the more detailed Cybersecurity Framework-based, sector regulatory harmonization approaches to-date.” SEC: “…to the extent that we can rationalize and cut down on that duplication, allowing those scarce resources to start driving toward protecting the enterprise, I think we're in a good space.”

Websites https://www.fsscc.org/Financial-Sector-Cybersecurity-Profile https://www.fsscc.org/The-Profile-FAQs https://www.fsscc.org/files/galleries/NIST_Letter_of_Support_re_FSSCC_Financial_Services_Sector_Cybersecurity_Profile.pdf

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.