Chapter 8 Cyber resilience

[enjofaes]

First of all, what a boring chapter/book ORR.. or is it just me that is not interested in anything non-quant?

In any case Garp has just copy pasted the text from BIS (https://www.bis.org/bcbs/publ/d454.pdf) but has failed to add the Annex (A,B,C) in the book.. perhaps something to notify GARP of?

I saw the study notes in vitalsource on p119 contains the Annex C of the BIS paper! Nice!

The study notes are almost as lengthy as the book (which I understand is difficult to summarize), the 3 practice questions do come in handy!

 

[enjofaes]

One addition.. All these terms. ISO (IEC 27036-2, ISO 27000), TIBER EU, UK CBEST, ISACA COBIT (4.1, 5), CPMI-IOSCO, US FFIEC, US CERT CIRCL, MISP, HKMA, MAS, TITUS, CMORG,BAFIN BAIT, APRA CPS 234.... don't know if I forgot any but below an overview:

Term	Short Description	Region of Applicability
ISO/IEC 27036-2	Guidelines for information security in supplier relationships, focusing on the protection of shared information.	International
ISO 27000	A series of international standards for information security management systems (ISMS).	International
TIBER EU	A European framework for threat intelligence-based ethical red teaming to assess cybersecurity in financial firms.	European Union
UK CBEST	A UK-based cybersecurity testing framework for financial firms, similar to TIBER EU.	United Kingdom
ISACA COBIT 4.1	A governance and management framework for IT, aiming to align IT with business objectives.	International
ISACA COBIT 5	An updated version of COBIT 4.1, offering a more comprehensive and integrated approach to IT governance.	International
CPMI-IOSCO	Guidelines for financial market infrastructures to enhance cyber resilience.	International
US FFIEC	A US regulatory body providing cybersecurity assessment tools for financial institutions.	United States
US CERT CIRCL	A US-based center for incident response and computer security, providing support and coordination.	United States
MISP	An open-source platform for sharing threat intelligence and indicators of compromise.	International
HKMA	The Hong Kong Monetary Authority, which issues guidelines on cybersecurity risk management.	Hong Kong
MAS	The Monetary Authority of Singapore, which provides guidelines for technology risk management.	Singapore
TITUS	A data classification and security software solution that helps organizations protect sensitive information.	International
CMORG	Cybersecurity Maturity and Operational Resilience Guide, a tool for financial institutions to assess cybersecurity.	International
BAFIN BAIT	German Federal Financial Supervisory Authority's (BaFin) guidelines on IT security for banks.	Germany
APRA CPS 234	Australian Prudential Regulation Authority's standard for information security in the financial sector.	Australia

NIST CSF	A voluntary framework developed by the US National Institute of Standards and Technology for managing cybersecurity risks.	United States
CIS	The Center for Internet Security Critical Security Controls, providing a prioritized set of actions to improve security.	International
ISO/IEC 27001	An international standard for information security management systems (ISMS) requirements.	International
ISO/IEC 27002	An international standard for information security controls, providing best practices and guidelines.	International