Description
See the attached assignment instructions.
Finance and Banking: Industry Best Practices
Organizations in the finance and banking industry suffer more cyberattacks than any other industry
for an obvious reason: monetary gain. With ongoing concerns about cyberattacks and cybersecurity,
governing regulators are strongly recommending that the finance and banking industry adopt
industry best practices to protect firms' reputations and clients' data, curtail cyber intrusion, and
improve overall risk management. By adopting governmental best practices, this industry gains the
ability to identify, assess, and manage cybersecurity risks.
The National Institute of Standards and Technology (NIST), in collaboration with the financial
industry, academia, and government, published the Framework for Improving Critical Infrastructure
Cybersecurity, version 1.1, in April 2018. This framework has three major components: the Core, the
Implementation Tiers, and Profiles. The Core focuses on cybersecurity best practices across industries,
including finance and banking, and organizes those practices into five functions of information
security: Identify, Protect, Detect, Respond, and Recover.
Figure 1. NIST Best Practices Framework (NIST, 2018)
In addition to the NIST best practices framework, the Financial Industry Regulatory Authority (FINRA)
offers a distinct opinion on cybersecurity and best practices in the finance and banking industry. FINRA
defined cybersecurity “as the protection of the investor and firm information from compromise through
the use—in whole or in part—of electronic digital media (e.g., computers, mobile devices or Internet
protocol-based telephony systems). ‘Compromise’ refers to a loss of data confidentiality, integrity, or
availability” (FINRA, 2015).
In its February 2015 Report on Cybersecurity Practices, FINRA outlined eight principles: governance
and risk management for cybersecurity; cybersecurity risk assessment; technical controls; incident
response planning; vendor management; staff training; cyber intelligence and information sharing; and
cyber insurance. Under each principle, effective practices are listed and defined for organizations,
including those in finance and banking, to explore, apply, adopt, and implement.
Another government agency, the U.S. Securities and Exchange Commission (SEC), included cybersecurity
and best practices for combating cyber-attacks in the financial sector among the priorities in its 2017
examination priorities report. Before the 2017 priorities report, the SEC Office of Compliance
Inspections and Examinations (OCIE) published its observations of effective practices and approaches
that organizations are using to manage and combat cybersecurity risk and to maintain and enhance
operational resiliency (OCIE, 2020). The report states, “Recognizing that there is no such thing as a
‘one-size fits all’ approach and that all of these practices may not be appropriate for all organizations,
we are providing these observations to assist market participants in their consideration of how to
enhance cybersecurity preparedness and operational resiliency.”
Organizations in the finance and banking industry are not all the same in size, assets, and information
technology. Rather than a cookie-cutter approach, OCIE suggests that size and other factors should
determine which best practices each organization explores, applies, adopts, and implements.
References
The Financial Industry Regulatory Authority. (2015, February). Report on cybersecurity practices. FINRA.
Office of Compliance Inspections and Examinations. (2020, January 27). Cybersecurity and resiliency observations. SEC.
Assignment: Identify Regional, Global, and Structures that Provide Cybersecurity Best Practices to the Finance and Bank
REFERENCES:
• Operation Digital Shield: Cybersecurity Regulations and Best Practices for Investment Advisers
McNiff, K. C., & Beatty, V. L. (2017). Operation digital shield: Cybersecurity regulations and best practices
for investment advisers. Business Law Today.
This article highlights why cybersecurity is among U.S. Securities and Exchange Commission (SEC) and
Financial Industry Regulatory Authority (FINRA) 2017 examination priorities and also addresses the
regulatory cybersecurity framework applicable to investment advisers and what steps advisers can
take to combat cyber-attacks. Focus reading on introduction, background, governance and risk
assessment, and access rights and controls.
• Report on Cybersecurity Practices
The Financial Industry Regulatory Authority. (2015, February). Report on cybersecurity practices. FINRA.
This resource reports on FINRA's 2014 targeted examination and is intended to assist organizations in
the financial services and other sectors that make responding to cyber threats and attacks a high
priority. Focus reading on pages 1-3, 6-8, and 12-13.
• Framework for Improving Critical Infrastructure Cybersecurity
National Institute of Standards and Technology. (2018, April 16). Framework for improving critical
infrastructure cybersecurity, version 1.1. CSRC.
This resource presents a voluntary risk management framework (“the Framework”) that consists of
standards, guidelines, and best practices to manage cybersecurity-related risk to promote protection
and resilience of critical infrastructure and other sectors important to the economy and national
security. Focus reading on pages 1-7.
• Cybersecurity and Resiliency Observations
Securities and Exchange Commission. (2020, January 27). Cybersecurity and resiliency observations.
The SEC Office of Compliance Inspections and Examinations uses this resource to encourage market
participants to review their practices, policies, and procedures with respect to cybersecurity and
operational resiliency, which also applies to the finance and banking sector. Focus reading on pages
1-4.
• SEC Announces 2017 Examination Priorities
Securities and Exchange Commission. (2017, January 12). SEC announces 2017 examination priorities.
This resource, released in 2017, describes an OCIE initiative to examine cybersecurity compliance
and controls at broker-dealers and investment advisers (i.e., the finance and banking sector).
• FFIEC Information Technology Examination Handbook: Information Security
Federal Financial Institutions Examination Council. (2016). Information security.
This resource provides guidance to examiners and addresses factors necessary to assess the level of
security risks to a financial institution’s information systems. It also helps examiners evaluate the
adequacy of the information security program’s integration into overall risk management. Focus
reading on page ii.
Instructions
Identify specific sources of best practices that can contribute to improved outcomes for global
financial organizations and small regional banks. Near the end, briefly provide a suggested
solution for a global organization with more than 80,000 employees and a smaller
organization that has no more than 500 employees.
Provide an integrated analysis of options available and their relevance, include a brief set of
recommendations.
For this week's assignment, you will write a 6-page report that explores available cybersecurity
resources and offers best practices for a global organization with more than 80,000 employees and
a smaller organization that has no more than 500 employees in the finance and banking industry.
Your report should include the following:
• Identify three state-level, cybersecurity-specific sources of best practices that can contribute
to improved outcomes for global financial organizations and small regional banks, with a focus on:
o Electronic digital media
o Technical controls
o Risk assessment
• Identify three federal, cybersecurity-specific sources of best practices that can contribute to
improved outcomes for global financial organizations and small regional banks, with a focus on:
o Managing cybersecurity risk
o Combating cybersecurity risk
o Maintenance of operational resiliency
o Enhancement of operational resiliency
• Include a detailed examination of unified cybersecurity best practice options, their
applicability, and a brief set of recommendations for:
o a global organization with more than 80,000 employees
o a smaller organization that has no more than 500 employees
Length: 6-page report
References: Include a minimum of 2 scholarly resources in addition to those listed in the course.
The completed assignment should address all of the assignment requirements, exhibit evidence of
concept knowledge, and demonstrate thoughtful consideration of the content presented in the
course. The writing should integrate scholarly resources and reflect academic expectations and
current APA standards.