Treating Cyber-Risk as an Operational Risk: Governance, Framework, Processes, and Technologies

Celent will help qualify your requirements and introduce you to the vendor
Spotted a missing vendor? Use this form to alert a vendor to the Celent service
Create a vendor selection project & run comparison reports
Register to access this feature
Click to express your interest in this report
Indication of coverage against your requirements
Vendor requires PRO subscription to activate this feature
Requires research subscription, contact Celent for more info
11 October 2016
Joan McGowan

Abstract

Celent has released a new report titled Treating Cyber-Risk as an Operational Risk: Governance, Framework, Processes, and Technologies. The report was written by Joan McGowan, senior analyst in Celent’s Banking practice.

Celent believes a smarter approach to balancing cyber-risk and innovation is strong top-down governance and the implementation of the National Institute of Standard and Technology (NIST) cybersecurity framework, with the alignment of cybersecurity under operational risk management processes.

Treating cyber-risk only as an IT issue is dangerous. Cyber-risks need to be treated holistically and owned by all.

There are several industry frameworks available to financial institutions. Celent recommends the NIST framework because it is well organized and comprehensive and lets you take advantage of your current operational risk program. Very few institutions, if any, should be going this alone; institutions need dedicated expert partners, and advanced technical capabilities.

“Stop throwing money at cybersecurity technology. Use the NIST cybersecurity framework functions to navigate and manage your technology requirements. Do not purchase in siloes or under pressure. Select the right expertise to identify the issues and the right products. The most important thing is to educate decision-makers on why and how breaches happen,” says McGowan.

“Cyber-risks are weaknesses in people, processes, controls, and operations: the definition of operational risk. Take advantage of your current operational processes and consider adopting the NIST cybersecurity framework,” she adds.

Insight details

Content Type
Reports
Location
Asia-Pacific, EMEA, LATAM, North America
Special Interest
Risk Management & Compliance