The Carnegie Endowment for International Peace wants to help make high-level cybersecurity simple for CEOs, CISOs and Board Members of financial institutions – that’s why they’ve released “Cyber Resilience and Financial Organizations: A Capacity-building Tool Box”.
One of the most significant barriers to success in cybersecurity is complexity, especially when it comes to leadership from the top down of an organization.
Think about it – those who are CEOs, executives and board members of a major financial organization have spent their lives gaining the experience and insight needed to properly execute their duties.
How likely is it that they would become cybersecurity experts as well?
Nevertheless, understanding and promoting cybersecurity best practices is their responsibility, which is why practical and effective resources for cybersecurity management are so valuable.
This is precisely what the many partners behind the “Cyber Resilience and Financial Organizations: A Capacity-building Tool Box” hope to offer.
In this article, we’ll answer the following questions about this set of cybersecurity resources:
Cyber Resilience and Financial Organizations: A Capacity-building Tool Box comprises six one-page guides, each following clearly defined goals and intended for a specific high-level perspective within a financial organization. The goal of the resource is to offer a simple way for CEOs, CISOs and Board Members to participate in and promote cybersecurity for their organization.
“The guides are designed to be practical, actionable, and easy-to-use to maximize their benefit and impact on financial institutions’ cyber resilience”, said Tim Maurer, Co-director of Carnegie’s Cyber Policy Initiative, in a press release. “When used properly, these tools will prevent dangerous hacks to financial systems across the world.”
This tool box is based on a year of collaborative work between many of the world’s most formidable cybersecurity experts. Made up of checklists and step-by-step guides, the six resources are also available in a range of languages, including Arabic, Dutch, English, French, Portuguese, Russian and Spanish.
For each of the six components, the tool box offers a guide and a checklist. The former offers a summary of what is expected of the role for which the guide and checklist are designed, and the checklist provides a simple method by which to ensure these expectations are being met.
Cybersecurity Leadership (Board-Level Guide And Checklist)
This guide and checklist are intended for use by board members of financial institutions, detailing the following expectations of such members:
Cybersecurity Leadership (CEO-Level Guide And Checklist)
This guide and checklist are intended for use by the CEO of a financial institution, detailing their expectations as follows:
Protecting The Organization (CISO-Level Guide And Checklist)
As the head of the organization’s cybersecurity, the CISO’s guides are the most extensive, detailing the many priorities they will have to balance to maintain cybersecurity:
Protecting Customers (CISO-Level Guide And Checklist)
The second of the tool box’s guides for CISOs, this resource explores how to promote secure practices on the customer’s part, and how to interact with customer data in a secure manner:
Protecting Connections To Third Parties (CISO-Level Guide And Checklist)
The last of three resources for CISOs pertains to third parties, whose cybersecurity is of the utmost importance:
Incident Response Guide
The last resource in the tool box provides a comprehensive guide for incident response. The guide covers every necessary aspect, from preparation and testing prior to an incident, to response during an incident, and recovery and review after the fact.
This tool box has been designed to be as simple and effective as possible, with each resource (no more than one double-sided page) aimed at specific members of your financial organization.
To make use of this resource, you could start by simply giving each guide and checklist to the relevant party for review, and then begin meeting to develop a roadmap to identify where your organization is in line with the checklists, and how you will go about implementing any remaining practices.
However, it’s important to note that, no matter how understandable and intuitive these resources are, the process of following them may not be. This is especially true when it comes to how much time your CEO, CISO, and board members can commit to this process. Depending on your current cybersecurity processes, it could take some time to bring them up to the standards detailed in this tool box.
This is why it’s advised that you seek expert support – Kraft Technology Group can assist in the process. We have extensive experience in supporting financial organizations’ IT efforts – that’s actually how we began in the industry, working with our parent company, KraftCPAs.
As detailed in the press release, the partners behind the project are as follows:
The Carnegie Endowment for International Peace
The Carnegie Endowment for International Peace is a unique global network of policy research centers in Russia, China, Europe, the Middle East, India, and the United States. Our mission, dating back more than a century, is to advance peace through analysis and development of fresh policy ideas and direct engagement and collaboration with decision-makers in government, business, and civil society. Working together, our centers bring the inestimable benefit of multiple national viewpoints to bilateral, regional, and global issues.
The International Monetary Fund
The International Monetary Fund (IMF) is an organization of 189 countries, working to foster global monetary cooperation, secure financial stability, facilitate international trade, promote high employment and sustainable economic growth, and reduce poverty around the world. Created in 1945, the IMF is governed by and accountable to the 189 countries that make up its near-global membership. The IMF’s primary purpose is to ensure the stability of the international monetary system—the system of exchange rates and international payments that enables countries (and their citizens) to transact with each other. The Fund’s mandate was updated in 2012 to include all macroeconomic and financial sector issues that bear on global stability.
The SWIFT Institute
The SWIFT Institute, set up by SWIFT, funds independent research, supports knowledge-led debate and provides a forum where academics and financial practitioners can learn from each other. The primary focus of the SWIFT Institute’s work is transaction banking, covering the areas of payments & banking, securities, cybersecurity, technology & innovation, regulation & compliance, and leadership. To date, more than 40 research grants have been issued and ten conferences held. All of the Institute’s research is freely available to download and share at www.swiftinstitute.org.
The Financial Services Information Sharing and Analysis Center (FS-ISAC)
The Financial Services Information Sharing and Analysis Center (FS-ISAC) is an industry consortium dedicated to reducing cyber-risk in the global financial system. Serving financial institutions and in turn their customers, the organization leverages its intelligence platform, resiliency resources, and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyberthreats. FS-ISAC has nearly 7,000-member firms with users in more than 70 countries. Headquartered in the US, the organization has offices in the UK and Singapore. To learn more, visit fsisac.com.
Standard Chartered
Standard Chartered is a leading international bank, working across some of the world’s most dynamic markets including Asia, Africa, and the Middle East, driving commerce and prosperity through its unique diversity. With more than 86,000 employees and a presence in 60 markets, Standard Chartered’s network serves customers in close to 150 markets worldwide. The Bank offers services that help people and companies to succeed, creating wealth and growth across its footprint.
The Global Cyber Alliance
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org.
The Cyber Readiness Institute
The Cyber Readiness Institute is an initiative that convenes senior business leaders from across sectors and geographic regions to share resources and knowledge that inform the development of free cybersecurity tools for small and medium-sized businesses. The Institute seeks to advance the cyber readiness of small and medium-sized businesses to improve the security of global value chains. The free, self-guided Cyber Readiness Program for small and medium-sized businesses was launched in December 2018.