    All Roads Lead to Risk Assessment

    By Christopher R. Barber, EVP & CIO, Commonwealth Business Bank

    Historically, institutions primarily focused on detecting and protecting against possible Information Security breaches. However, in today’s environment, defending against possible breaches is no longer enough. With the increase in cyber attacks, we must proactively seek out where an attacker may strike next and fortify this location through active Risk Assessment. This means that you not only implement a control, but also test that control on a regular basis and adapt as necessary.

    Cybercrime is becoming more frequent than ever, and it is not just the frequency that is increasing but the intent of the attacker. In years gone by, attackers would try to infiltrate a computer system as a challenge or prank, or to impress others in the hacker community. Today, however, attackers are becoming much more destructive, using Distributed Denial of Service (DDoS) attacks to bring down servers. These types of attacks can cause reputational risk and, in the case of transactional services, cause the company financial damage in lost sales. In some cases, the DDoS is just a distraction, so that you take your eye off the other system controls while the attacker tries to get to your data.

    While larger institutions are most often the targets of these types of attacks, smaller institutions need to be vigilant as well. Smaller companies may not be on the radar of most active attackers, but there are still plenty of ways attackers can worm their way into your network. This is most often accomplished through a process called “Social Engineering”.

    In short, social engineering is the manipulation of people so that they give up confidential information. The types of information attackers are looking for can vary, but when you are targeted, the attacker is usually trying to trick you into giving them your passwords or bank information, or into giving them access to your computer so that they can install malicious software without your knowledge. This can be done electronically in many variations, such as Phishing, Baiting or Ransomware. Attackers can also do it in a more personal way, by calling you and pretending to be an employee, tailgating you into your office and so on.

    While security used to be all about Information Security, today we have to put more focus on cybersecurity. On 3rd November 2015, the FFIEC published a press release alerting financial institutions to the increasing frequency and severity of cyber-attacks involving extortion. So how do we protect our institutions from these bad guys? To quote a colleague, “All Roads lead to your Risk Assessment.” In June of 2015, the FFIEC released a Cybersecurity Assessment Tool (CAT) to help institutions identify their risks and assess their Cybersecurity preparedness. There are two major parts to this assessment tool:

    Inherent Risk Profile:

    • This identifies the amount of risk to the organization based on the types, volumes and complexities of technologies, connections, delivery channels, products, services, organizational characteristics and external threats.

    Cybersecurity Maturity Level:

    • Cyber Risk Management Oversight.

    • Threat Intelligence and Collaboration.

    • Cybersecurity Controls.

    • External Dependency Management.

    • Cyber Incident Management and Resilience.

    If this all sounds like a lot to swallow, it is. While the FFIEC Cybersecurity Assessment Tool is meant for financial institutions, I feel it is a good example of how diligently all institutions should be reviewing their Cybersecurity policies. We have recently begun our Bank’s Cybersecurity Assessment, and it has not only taken us time but also required a lot of contemplation on our actual security positions. Once we worked our way through the 120+ risk assessment questions, we were able to assess our risk levels. Next, we had to identify what mitigating controls we had in place to reduce that risk. Finally, and perhaps a more tedious process, we had to go through each of the 120+ risks/controls and map each one back to the policy, process or committee where each control was documented and when and how it was verified.

    While this was a very detailed process, it was an eye-opening experience on exactly where our Cybersecurity preparedness actually was. By no means were we lacking in our overall Security Program, but it made it clear that there were areas we should improve, such as testing and documentation, things we can show the examiners. One other area that this Cybersecurity Assessment had us focus on was how we manage our 3rd Party Vendor Risk. Not only should we be doing Cybersecurity Assessments on our organization, but we should also be looking at our Tier 1 Vendors’ Cybersecurity Programs. It is important that their programs be reviewed on a regular basis to ensure their compliance.

    The last point I will make here, and an increasingly important one, is that many Boards of Directors and Executive Management feel that Cybersecurity is only an IT issue. This couldn’t be farther from the truth. Cybersecurity isn’t a technical issue, it’s a business issue. As such, it should be understood at all levels of the organization. The Board and Executive Management need to understand the risks their company is facing and the controls that are in place. Only then can they effectively evaluate the residual risk and decide whether or not they are willing to accept it. Cybersecurity by itself is not the end-all solution to IT Security; however, it is another powerful tool in the overall fight against Cybercrime. Remember, All Roads lead to your Risk Assessment.

    With an aim to build financial relationships, CBB (Commonwealth Business Bank) proffers deposit facilities and product lending services to its clients meeting their financial requirements. Headquartered in Los Angeles, US, CBB was established in the year 2005.
