Treating Cyber-Risk as an Operational Risk: Governance, Framework, Processes, and Technologies

Create a vendor selection project & run comparison reports
Click to express your interest in this report
Indication of coverage against your requirements
A subscription is required to activate this feature. Contact us for more info.
Celent have reviewed this profile and believe it to be accurate.
11 October 2016
Joan McGowan

Abstract

Celent has released a new report titled Treating Cyber-Risk as an Operational Risk: Governance, Framework, Processes, and Technologies. The report was written by Joan McGowan, senior analyst in Celent’s Banking practice.

Celent believes a smarter approach to balancing cyber-risk and innovation is strong top-down governance and the implementation of the National Institute of Standard and Technology (NIST) cybersecurity framework, with the alignment of cybersecurity under operational risk management processes.

Treating cyber-risk only as an IT issue is dangerous. Cyber-risks need to be treated holistically and owned by all.

There are several industry frameworks available to financial institutions. Celent recommends the NIST framework because it is well organized and comprehensive and lets you take advantage of your current operational risk program. Very few institutions, if any, should be going this alone; institutions need dedicated expert partners, and advanced technical capabilities.

“Stop throwing money at cybersecurity technology. Use the NIST cybersecurity framework functions to navigate and manage your technology requirements. Do not purchase in siloes or under pressure. Select the right expertise to identify the issues and the right products. The most important thing is to educate decision-makers on why and how breaches happen,” says McGowan.

“Cyber-risks are weaknesses in people, processes, controls, and operations: the definition of operational risk. Take advantage of your current operational processes and consider adopting the NIST cybersecurity framework,” she adds.

Subscription required

Access to this content requires a Celent research subscription.

Subscribers should sign in to access this research.

Insight details

Content Type
Reports
Focus
Risk Management & Compliance
Location
Asia-Pacific, EMEA, LATAM, North America