APAC CIOOutlook

    All Roads Lead to Risk Assessment

    Christopher R. Barber, EVP & CIO, Commonwealth Business Bank


    Historically, institutions focused primarily on the detection of and protection against possible Information Security breaches. However, in today’s environment, defending against possible breaches is no longer enough. With the increase in cyber attacks, we must proactively seek out where an attacker may strike next and fortify that location through active Risk Assessment. This means that you not only implement a control, but also test that control on a regular basis and adapt as necessary.

    Cybercrime is becoming more frequent than ever, and it is not just the frequency that is changing but also the intent of the attacker. In years gone by, attackers would try to infiltrate a computer system as a challenge or prank, or to impress others in the hacker community. Today, however, attackers are becoming much more destructive, using Distributed Denial of Service (DDoS) attacks to bring down servers. These types of attacks can cause reputational risk and, in the case of transactional services, financial damage to the company in lost sales. In some cases, the DDoS is just a distraction, so that you take your eye off the other system controls while the attacker tries to get to your data.

    While larger institutions are most often the targets of these types of attacks, smaller institutions need to be vigilant as well. While smaller companies may not be on the radar of most active attackers, there are still plenty of ways attackers can worm their way into your network. This is most often accomplished through a process called “Social Engineering”.

    In short, social engineering is the manipulation of people so that they give up confidential information. The types of information attackers are looking for can vary, but when you are targeted, the attacker is usually trying to trick you into giving them your passwords or bank information, or into giving them access to your computer so that they can install malicious software without your knowledge. This can be done electronically in many variations, such as Phishing, Baiting or Ransomware. They can also do it in a more personal way, by calling you and pretending to be an employee, tailgating you into your office and so on.

    While security used to be all about Information Security, today we have to put more focus on cybersecurity. On 3rd November 2015, the FFIEC published a press release alerting financial institutions to the increasing frequency and severity of cyber-attacks involving extortion. So how do we protect our institutions from these bad guys? To quote a colleague, “All Roads lead to your Risk Assessment.” In June of 2015, the FFIEC released a Cybersecurity Assessment Tool (CAT) to help institutions identify their risks and assess their Cybersecurity preparedness. There are two major parts to this assessment tool:

    Inherent Risk Profile:

    • This identifies the amount of risk to the organization based on the types, volumes and complexities of technologies, connections, delivery channels, products, services, organizational characteristics and external threats.

    Cybersecurity Maturity Level:

    • Cyber Risk Management Oversight.

    • Threat Intelligence and Collaboration.

    • Cybersecurity Controls.

    • External Dependency Management.

    • Cyber Incident Management and Resilience.

    If this all sounds like a lot to swallow, it is. While the FFIEC Cybersecurity Assessment Tool is meant for financial institutions, I feel it is a good example of how diligently all institutions should be reviewing their Cybersecurity policies. We have recently begun our Bank’s Cybersecurity Assessment, and it has required not only time but also a lot of contemplation on our actual security positions. Once we worked our way through the 120+ risk assessment questions, we were able to assess our risk levels. Next, we had to identify what mitigating controls we had in place to reduce that risk. Finally, in perhaps a more tedious process, we had to go through each of the 120+ risks/controls and map each one back to the policy, process or committee where each control was documented, and to when and how it was verified.

    While this was a very detailed process, it was an eye-opening experience that showed exactly where our Cybersecurity preparedness actually was. By no means were we lacking in our overall Security Program, but it made clear that there were areas we should improve, such as testing and documentation, things we can show the examiners. One other area that this Cybersecurity Assessment had us focus on was how we manage our 3rd Party Vendor Risk. Not only should we be doing Cybersecurity Assessments on our organization, but we should also be looking at our Tier 1 Vendors’ Cybersecurity Programs. It is important that their programs be reviewed on a regular basis to ensure their compliance.

    The last point I will make here, and an increasingly important one, is that many Boards of Directors and Executive Management feel that Cybersecurity is only an IT issue. This couldn’t be farther from the truth. Cybersecurity isn’t a technical issue, it’s a business issue. As such, it should be understood at all levels of the organization. The Board and Executive Management need to understand the risks their company is facing and the controls that are in place. Only then can they effectively evaluate the residual risk and decide whether or not they are willing to accept it. Cybersecurity by itself is not the end-all solution to IT Security; however, it is another powerful tool in the overall fight against Cybercrime. Remember, All Roads lead to your Risk Assessment.

    With an aim to build financial relationships, CBB (Commonwealth Business Bank) proffers deposit facilities and product lending services to its clients meeting their financial requirements. Headquartered in Los Angeles, US, CBB was established in the year 2005.
