Managing Cyber Risks: A New Tool for BanksJosh Magri of BITS and Denyette DePierro of the ABA Describe Cybersecurity Profile
Banks have a new tool available to help them develop and maintain cyber risk management programs. In a joint interview with Information Security Media Group, two architects of the Financial Services Sector Cybersecurity Profile - Josh Magri of the Bank Policy Institute and Denyette DePierro of the American Bankers Association - describe how to put the new tool to good use.
The profile, which is based, in part, on the NIST Cybersecurity Framework, provides a roadmap to risk management as well as compliance, they say.
"It's a scalable and extensible assessment that financial institutions of all types can use both for internal assessment and external assessment," Magri says. "It's really a mechanism by which firms can also [demonstrate] compliance with various regulatory frameworks."
The profile provides the financial services community with a consolidated guide to complying with dozens of cybersecurity regulations, DePierro explains.
"We realized that if we didn't come up with some kind of an approach that harmonized all of those different thoughts and postures around cybersecurity, we were going to end up with potentially 50 rules around cybersecurity for financial services," she says.
In this interview (see audio link below photo), Magri and DePierro discuss:
- The objectives of the new cybersecurity profile;
- How it leverages the NIST Cybersecurity Framework;
- The potential for developing a privacy document.
Magri and DePierro will offer an in-depth presentation on the Financial Services Sector Cybersecurity Profile at ISMG's Legal & Compliance Summit in New York on Nov. 15.
DePierro is vice president and senior counsel at the Center for Payments & Cybersecurity, American Bankers Association. She focuses on the state, federal and international regulation of technology, cybersecurity, privacy and data security as well as emerging trends in banking, including fintech, blockchain, internet of things, artificial intelligence and social media.
Magri is senior vice president and counsel for regulation and developing technologies for BITS, the technology policy division of the Bank Policy Institute. Previously, he served as vice president and counsel for regulation and developing technologies at the Financial Services Roundtable/BITS.