Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Executive Summary: The Issue the Profile Addresses, Its Development as a Solution, Its Benefits, and Support The Issue: Domestic and international regulatory.

Published byElli Haavisto Modified over 5 years ago

Similar presentations

Presentation on theme: "An Executive Summary: The Issue the Profile Addresses, Its Development as a Solution, Its Benefits, and Support The Issue: Domestic and international regulatory."— Presentation transcript:

1 An Executive Summary: The Issue the Profile Addresses, Its Development as a Solution, Its Benefits, and Support The Issue: Domestic and international regulatory agencies asking the same question in many different ways, stretching already scarce cybersecurity talent. The Profile as a Solution: The Profile, which is a common, standardized approach that can act as a baseline for examination and future cyber regulation - fill out once per exam cycle, report out many. Voluntary with Many Benefits, Including: Provides more consistent and efficient processing of examination material by both firms and regulators. Allows Regulators and Firms to focus on systemic risk and risk residual to firms. Establishes an Industry best practice beyond regulatory use. Supporting Associations:

2 The Profile as a Tool for Public/Private Collaboration
Appendix: The Profile as a Tool for Public/Private Collaboration Globally U.S. Federal U.S. States Standards Bodies Financial Stability Board (FSB) harmonizing around key cyber terms and definitions, drawing from the Profile sources (NIST and ISO). Federal Reserve (FRB) mentioning the Profile’s use as an acceptable assessment methodology in upcoming First Day examination letters with plans to train examiners. SEC Office of Compliance Inspections and Examinations (OCIE) training its staff on Profile usage in Nov New York Department of Financial Services (NYDFS) modifying its final regulation in favor of an assessment based approach. National Association of Insurance Examiners (NAIC) exploring voluntary use of the Profile for exam purposes. International Standards Organisation (ISO) developing a standard on standards development, adopting the Profile development process. NIST and ISO drafting, with FSSCC, a joint white paper describing the complementary nature of each.

3 Supply Chain/ Dependency Management
The Profile: A NIST Cybersecurity Framework Extension to Align with Financial Services Requirements and Supervisory Expectations NIST Cybersecurity Framework provides a globally accepted organizational structure and taxonomy for cybersecurity and cyber risk management The Profile extends the NIST Cybersecurity Framework to be more inclusive of financial services requirements and supervisory expectations The following countries are either exploring its use or promoting it through translation – Bermuda Brazil Canada Israel Italy Japan Malaysia Mexico Philippines Saudi Arabia Switzerland United Kingdom Uruguay Extended NIST to highlight 2 special categories of particular (& appropriate) regulatory focus: The following international governments and organizations have expressed positive interest in the Profile – Argentina Brazil China (Mainland and Hong Kong) Chile Colombia European Union International Standards Organisation Japan Organization of American States Singapore United Kingdom Governance Supply Chain/ Dependency Management

4 Three Year Plan: A Sustained Organization with Four Areas of Focus
- Increase Firm implementations; - Agencies are calibrating support based on firm use. (1) Financial Institution Implementation (2) Examiner Education & Training (3) Integration of Global Cyber Regulatory Regimes (4) Tool Automation & Enhanced Functionality - Examiner training will lead to more in-field comfort; - Will work with leading agencies. - A freely downloadable Profile will continue to be provided; - To increase functionality and use, a more advanced tool will also be pursued. - Will integrate 3-4 international regulations per year; - Examples would include Operational Resilience frameworks.

5 Documented Agency Statements of Support
Federal Reserve: “… we'll welcome any financial institution to provide information to us using the structure and taxonomy of the profile, we see that as a boon for harmonization.” FFIEC: “…These resources are actionable and help financial institutions manage cybersecurity risk regardless of whether they use the FFIEC Cybersecurity Assessment Tool, NIST Cybersecurity Framework, Financial Services Sector Specific Cybersecurity Profile, or any other methodology to assess their cybersecurity preparedness.” OCC: “If the industry moves to use this cybersecurity profile, that is what we will base our assessments on….” FDIC: “That was one of the things, at the FDIC, that we were most interested in is looking at the tiering.” NIST: “…[O]ne of the more detailed Cybersecurity Framework-based, sector regulatory harmonization approaches to-date.” SEC: “…to the extent that we can rationalize and cut down on that duplication, allowing those scarce resources to start driving toward protecting the enterprise, I think we're in a good space.”

6 Websites https://www.fsscc.org/Financial-Sector-Cybersecurity-Profile

Download ppt "An Executive Summary: The Issue the Profile Addresses, Its Development as a Solution, Its Benefits, and Support The Issue: Domestic and international regulatory."

Similar presentations

International Insurance Regulatory Issues

International Insurance Regulatory Issues
NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.

NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.
Regulation and Risk Management for Cross-Border Insurance Groups

Regulation and Risk Management for Cross-Border Insurance Groups
U.S. General Services Administration Presentation to: Software and Supply Chain Assurance Forum Improving Cybersecurity through Acquisition December 17,

U.S. General Services Administration Presentation to: Software and Supply Chain Assurance Forum Improving Cybersecurity through Acquisition December 17,
APEC Energy Section International Energy Branch Department of Industry, Tourism and Resources EGNRET 23, Christchurch NZ 10-13 November 2003.

APEC Energy Section International Energy Branch Department of Industry, Tourism and Resources EGNRET 23, Christchurch NZ November 2003.
Field Operations Customs Trade Partnership Against Terrorism (C-TPAT) Overview & Update.

Field Operations Customs Trade Partnership Against Terrorism (C-TPAT) Overview & Update.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
BEIJING BRUSSELS CHICAGO DALLAS FRANKFURT GENEVA HONG KONG LONDON LOS ANGELES NEW YORK SAN FRANCISCO SHANGHAI SINGAPORE TOKYO WASHINGTON, D.C. The Role.

BEIJING BRUSSELS CHICAGO DALLAS FRANKFURT GENEVA HONG KONG LONDON LOS ANGELES NEW YORK SAN FRANCISCO SHANGHAI SINGAPORE TOKYO WASHINGTON, D.C. The Role.
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
R&D incentives in South Africa: a sense check of policy implementation Presentation by Mohammed Jada to SCOF 27 August 2014.

R&D incentives in South Africa: a sense check of policy implementation Presentation by Mohammed Jada to SCOF 27 August 2014.
1.  The views expressed are those of the speaker and do not necessarily reflect the views of the Federal Reserve Board of Governors, or the Federal Reserve.

1.  The views expressed are those of the speaker and do not necessarily reflect the views of the Federal Reserve Board of Governors, or the Federal Reserve.
Global Insurance Regulation and Systemic Risk: The North American Perspective International Insurance Society Madrid, Spain – June 2010 Jerry M. de St.

Global Insurance Regulation and Systemic Risk: The North American Perspective International Insurance Society Madrid, Spain – June 2010 Jerry M. de St.
Safety Driven Performance Conference 2013 The future of managing asset-intensive businesses John Keefe APM/RBMI Technical Manager Asset Integrity Services.

Safety Driven Performance Conference 2013 The future of managing asset-intensive businesses John Keefe APM/RBMI Technical Manager Asset Integrity Services.
Laboratory Biorisk Management Standard CWA 15793:2008

Laboratory Biorisk Management Standard CWA 15793:2008
OWASP Intra- Governmental Affairs David Campbell Denver Chapter Puneet Mehta Delhi Chapter.

OWASP Intra- Governmental Affairs David Campbell Denver Chapter Puneet Mehta Delhi Chapter.
Jeju, 13 – 16 May 2013Standards for Shared ICT CYBERSECURITY-RELATED STANDARDS ACTIVITY IN THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION Eric Barnhart, Fellow.

Jeju, 13 – 16 May 2013Standards for Shared ICT CYBERSECURITY-RELATED STANDARDS ACTIVITY IN THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION Eric Barnhart, Fellow.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
Input Paper Funding Mechanisms: Mapping of Latin American Programs and Financing Mechanisms supporting International Cooperation in ICT Research and Innovation,

Input Paper Funding Mechanisms: Mapping of Latin American Programs and Financing Mechanisms supporting International Cooperation in ICT Research and Innovation,
The Human Factors Components of a Safety Management System: The US Perspective Dr. William B. Johnson Chief Scientific & Technical Advisor for Human Factors.

The Human Factors Components of a Safety Management System: The US Perspective Dr. William B. Johnson Chief Scientific & Technical Advisor for Human Factors.
DIVISION OF TECHNOLOGY, INDUSTRY AND ECONOMICS / www.uneptie.org UNEP/ SETAC Life Cycle Initiative: Focus of the Life Cycle Inventory program by Guido.

DIVISION OF TECHNOLOGY, INDUSTRY AND ECONOMICS / UNEP/ SETAC Life Cycle Initiative: Focus of the Life Cycle Inventory program by Guido.

Similar presentations

Ads by Google