On the heels of survey findings detailing inefficient cybersecurity supervisory examinations, the Financial Services Sector Coordinating Council (FSSCC) joined a group of trade associations in unveiling a new Cybersecurity Profile.
Officials said the effort, which included the Future Industries Association (FIA) was spurred by a survey of chief information security officers, who indicated nearly 40 percent of their time was spent on compliance and reconciling competing, duplicative and redundant documents.
The Cybersecurity Profile provides a framework that integrates widely used standards and supervisory expectations to help guide financial institutions in developing and maintaining cybersecurity risk management programs. It serves as the result of two years’ work and collaboration among financial institutions, trade groups, and government agencies.
“The Cybersecurity Profile represents the industry’s commitment to working together to preserve the safety and soundness of the financial system by mitigating and protecting its institutions, their customers and the broader economy from increasing cybersecurity risks,” Chris Freeney, Policy Committee co-chair of the FSSCC, said. “The Cybersecurity Profile is a first of its kind document that will help the industry harmonize its approach to cybersecurity risk management.”
The Profile uses a questionnaire to identify the risk and complexity of a company and match the company with an appropriate, customized and focused cybersecurity assessment, per officials, who noted with its tailoring, the Profile enables front-line defenders to optimize their time on security activity, rather than compliance.
FIA officials said the group serves as the leading global trade organization for the futures, options and centrally cleared derivatives markets, with offices in Brussels, London, Singapore, and Washington, D.C.