Journal of Operational Risk
ISSN: 1744-6740 (print), 1755-2710 (online)
Editor-in-chief: Marcelo Cruz
Cyber risk assessment model for information assets: a tailored approach for the financial and banking sector
Need to know
- Managing cybersecurity amidst limited resources is increasingly challenging. Updated regulations now require institutions to assess their information assets and their associated cyber risks.
- While various methodologies for asset identification, risk quantification, and analysis have been introduced, none of them have been tailored to address the requirements and attributes of the financial and banking sector.
- This paper presents an efficient, systemic, and easy-to-use adaptive model designed to assess information assets and their associated cyber risks, specifically tailored to meet these distinctive requirements.
- A case study in a financial institution affirms the model's effectiveness and its aim of addressing these shortcomings.
Abstract
Modern technological advancements have significantly impacted how financial institutions operate. At the same time the intensity and scale of cyber threats have escalated, and they are now capable of increasingly diverse and sophisticated attacks. With limited resources, it is increasingly difficult to effectively manage cyber security and discern which information assets (IAs) need protection. Updated regulations demand effective methodologies for identifying and classifying IAs. Current methods, however, without tailoring to the financial sector’s specific needs, often neglect IA evaluation, are one-dimensional, struggle with large inventories and focus solely on technical aspects. We present a systematic, reliable, holistic and user-friendly adaptive model specifically designed for assessing IAs and their cyber risk in the financial and banking sector. Through a detailed case study involving the application of our model to a substantial asset repository (N = 798), we demonstrate a powerful reduction mechanism. Post application, only 13% of IAs out of the total inventory were classified as high or very high risk. This approach effectively identifies IAs that necessitate resource allocation for significantly enhanced resilience against cyber attacks, underscoring the model’s efficiency and practicality in prioritizing cyber security efforts. It thus contributes to the wider benefit of society by safeguarding sensitive financial data, which is essential for both individual security and economic stability.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net