ベンダー
English

Treating Cyber-Risk as an Operational Risk: Governance, Framework, Processes, and Technologies

Create a vendor selection project
Click to express your interest in this report
Indication of coverage against your requirements
A subscription is required to activate this feature. Contact us for more info.
Celent have reviewed this profile and believe it to be accurate.
We are waiting for the vendor to publish their solution profile. Contact us or request the RFX.
Projects allow you to export Registered Vendor details and survey responses for analysis outside of Marsh CND. Please refer to the Marsh CND User Guide for detailed instructions.
Download Registered Vendor Survey responses as PDF
Contact vendor directly with specific questions (ie. pricing, capacity, etc)
2016/10/11

Abstract

Celent has released a new report titled Treating Cyber-Risk as an Operational Risk: Governance, Framework, Processes, and Technologies. The report was written by Joan McGowan, senior analyst in Celent’s Banking practice.

Celent believes a smarter approach to balancing cyber-risk and innovation is strong top-down governance and the implementation of the National Institute of Standard and Technology (NIST) cybersecurity framework, with the alignment of cybersecurity under operational risk management processes.

Treating cyber-risk only as an IT issue is dangerous. Cyber-risks need to be treated holistically and owned by all.

There are several industry frameworks available to financial institutions. Celent recommends the NIST framework because it is well organized and comprehensive and lets you take advantage of your current operational risk program. Very few institutions, if any, should be going this alone; institutions need dedicated expert partners, and advanced technical capabilities.

“Stop throwing money at cybersecurity technology. Use the NIST cybersecurity framework functions to navigate and manage your technology requirements. Do not purchase in siloes or under pressure. Select the right expertise to identify the issues and the right products. The most important thing is to educate decision-makers on why and how breaches happen,” says McGowan.

“Cyber-risks are weaknesses in people, processes, controls, and operations: the definition of operational risk. Take advantage of your current operational processes and consider adopting the NIST cybersecurity framework,” she adds.