As promised in part one of our ANPR blog series, this edition will discuss and review the three approaches and how your organization can leverage Cytegic to meet the requirements of the cyber ANPR.
Though only a proposal, the ANPR has increased the level of concern within the regulatory community regarding cyber risk in financial organizations and their current state of controls. The ANPR focuses on these three main points:
- Focus on systemic risk
- Prescriptive standards for covered institutions
- Requires an enterprise-level, three-lines-of-defense approach to cyber risks, with strong board oversight
With the impact of the proposal still being discussed by the regulatory bodies, they have outlined three potential ways to implements the standard:
Approach 1: combination of a regulatory requirement to maintain a risk management framework for cyber risks along with a policy statement or guidance that describes minimum expectations for the framework
Approach 2: Specific cyber risk management standards (e.g., requirement for entities to establish a cybersecurity framework), which would cover the five categories noted in the previous post. For each category, the firm would have to establish and maintain:
- personnel and systems
- as well as a corporate governance structure that supports implementation of, and compliance with, the program across the enterprise and necessary changes to the program due to the firm’s evolving risk profile.)
Approach 3: A regulatory framework that is more detailed than approach 2, detailing specific objectives and practices covered entities would have to achieve for each of the five categories so that they can demonstrate compliance with the requirements
Cytegic offers a complete automatic, continuous solution of cybersecurity management and decision support system that enables executives, risk and security experts to monitor, measure and manage cybersecurity risk and defense posture. Cytegic’s technology identifies relevant attackers, attack methods and computes the threat landscape to deliver a proactive response of mitigation plan and action items to protect mission critical infrastructure and business assets. Now offering the first ever cloud-based cybersecurity management solution, Cytegic’s end-to-end platform includes friendly dashboards, powerful quantified defense monitoring and threat intelligence. Cytegic’s solution effectively and efficiently manages your cybersecurity operations to ensure that executives and security experts alike have complete visibility into the security controls and threats within and beyond their perimeter.
To learn more about ANPR or Cytegic, please click here or contact a trusted representative firstname.lastname@example.org.