1. Financial Services Sector Coordinating Council (FSSCC) 2011 KEY FSSCC INITIATIVES 2011 Key FSSCC Initiatives Project Name: Project Description: All-Hazards Crisis Event Response Playbook and Readiness Strategies An initiative to develop and “operationalize” a simple, consistent and structured sector response process with codified roles and protocols for effective intra- and cross-sector information flow and coordinated actions to support sustained financial sector resiliency. Project Objective/Definition:1.“Operationalize” the existing tools (playbooks, CINS, etc) and protocols to establish baseline readiness of sector response teams 2.Refine the Playbook to include both cyber and physical threat guidance 3.Develop a coordinated 2011 Exercise strategy / plan and notification test program 4.Collaborate within and across sector to define specific roles and expectations of response team members (e.g., DHS Liaison to the Crisis Management Team, Cross-Sector liaison, etc.) 5.Facilitate timely remediation (resolve / mitigate to acceptable risk) of identified response gaps 6.Define / validate requirements for “CMT roster representation,” proxy readiness, and new member orientation 7.Maximize opportunity for and benefit to broader FSSCC member organizations in crisis management Desired Outcomes: White Paper / Position Paper Exercises / Testing Awareness Collaboration 1.“Ready for Use” Crisis Event Response Playbook through routine maintenance 2.Sustained sector readiness through exercise practice and real world event experience (effective after-action reporting and remediation program) 3.Min 2x/year execution of a FSSCC exercise, prioritized by the highest risks from the FSSCC Threat Matrix, with robust member participation (if not obviated by a real world event) 4.Well-defined protocol/process flow for intra-sector and cross-sector collaboration during crisis 5.Improved alignment – cyber; cross-sector; international - for response and recovery 1. Crisis Event Management Initiative 1 of 4 1

2. Financial Services Sector Coordinating Council (FSSCC) 2011 KEY FSSCC INITIATIVES 2011 Key FSSCC Initiatives Project Name: Project Description: Threat Matrix Management Project Objective/Definition: “Operationalize” the threat matrix. Desired Outcomes: White Paper / Position Paper Exercises / Testing Awareness Collaboration A standard set of work products and scheduled releases. Established governance procedures for managing the threat matrix. Provide a “Threat Assessment Toolkit” (i.e., threat matrix and self-assessment guide) to members. Develop a survey/feedback mechanism for continued input to the sector assessment. Publish Threat Assessment V1 (a controlled document published semiannually). Publish “Threat Viewpoints” for high-priority threats. Provide input to key FSSCC initiatives (e.g., R&D Challenges, Exercise Plans, etc.). 2. Threat Matrix Management Initiative 2 of 4 2

3. Financial Services Sector Coordinating Council (FSSCC) 2011 KEY FSSCC INITIATIVES 2011 Key FSSCC Initiatives Project Name: Project Description: Communications and Outreach Establish regular FSSCC communication mediums within the financial services sector, and formalize an engagement model with key audiences and partners outside the financial services sector, both domestic and international. Project Objective/Definition: Educate the financial services sector about the role of FSSCC and the critical infrastructure protection (CIP) requirements for the sector Create formal mechanisms to operationalize and facilitate broad adoption of Sector-specific FSSCC products and processes, as well as recommendations for implementation, where appropriate Educate government agencies, domestically and internationally, and law enforcement about the financial services sector and role of critical infrastructure protection Develop a mutual commitment for collaboration between the FSSCC, other sectors, and the government Desired Outcomes: White Paper / Position Paper Exercises / Testing Awareness Collaboration Formalized engagement model for interactions with the US Government, FBIIC/Regulators, International Governments, Regional Coalitions, Internet Governance Organizations, End Users, and inter-dependent sectors. A part of the model should address the following: Break out between “within Sector” and “outside Sector” Leverage the FBIIC in critical aspects Regularly scheduled meetings and consistently maintained communication mediums to facilitate communications in support of the engagement model. A part of the solution should address the following: A periodic (perhaps quarterly) communication (3-pager) that may be broadly shared that addresses what the FSSCC is currently doing, has recently completed, and plans to do next 3. Communications and Outreach Initiative 3 of 4 3

4. Financial Services Sector Coordinating Council (FSSCC) 2011 KEY FSSCC INITIATIVES 2011 Key FSSCC Initiatives Project Name: Project Description: Identity Assurance Identity Assurance includes proofing, identification and authentication, access management, and etc. Project Objective/Definition: Provide sector leadership to achieve a stronger Identity Assurance Platform in collaboration with the Federal Government and other entities Desired Outcomes: White Paper / Position Paper Exercises / Testing Awareness Collaboration 1 – Identity Proofing Gateway Project 2 – Identity Assurance White paper: Describes the role of the financial services community with respect to the identity assurance platform for the Internet (e.g. identity assurance provider as well as consumer) and the framework of a strong identity assurance platform (governance, training, collaboration, technologies) 3 – Adoption strategy – Define and establish a collaboration process between government and financial service industry (business, operations and security) to realize the white paper vision 4. Identity Assurance Initiative 4 of 4 4