The Policy Approaches to Strengthen Cyber Security in the Financial Sector (Summary) July 2, 2015 Financial Services Agency



Similar documents
Cybersecurity Strategy in Japan

Committees Date: Subject: Public Report of: For Information Summary

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Viewpoint: Implementing Japan s New Cyber Security Strategy*

Annual Supervisory Policies for Insurance Companies, etc. for Program Year 2008

Cyber Security in Japan (v.2)

Cyber Security Strategy(Information Security Policy Council, June 10, 2013)

Priority within the policy system Organizational and Operational Principles 1. Goal. The basic idea about the Goal

September 20, 2013 Senior IT Examiner Gene Lilienthal

Contingency Planning in ICSA Member Countries

Business Continuity Planning at the Bank of Japan

Microsoft s cybersecurity commitment

I N T E L L I G E N C E A S S E S S M E N T

Guidelines for Supervision of Credit Rating Agencies

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

Inclusive Insurance 2014 Ulaanbaatar, April 16, 2014

Cybersecurity. Are you prepared?

MIC s Efforts on Cybersecurity Human Resource Development

Information Security 2012

Annual Supervisory Policies for Major Banks. for Program Year 2008

For Discussion Paper No. 9/2011 on 3 November 2011 DIGITAL 21 STRATEGY ADVISORY COMMITTEE. Cyber Security

Under the Cybersecurity Law, network operators are obligated to consider the following security

Future cybersecurity threats and research needs.

CERT.AZ description as per RfC 2350

OCIE CYBERSECURITY INITIATIVE

Technology and Cyber Resilience Benchmarking Report December 2013

Cyber Security Risk Management

Fujitsu Group s Information Security

Working Towards the 2020 Tokyo Olympics

How To Protect Critical Infrastructure

Cyber security guide for boardroom members

The FDIC s Supervisory Approach to Cyberattack Risks

CYBERSECURITY EXAMINATION SWEEP SUMMARY

Partnership for Cyber Resilience

National Cyber Threat Information Sharing. System Strengthening Study

Access to Japanese Markets

Remarks by. Thomas J. Curry. Comptroller of the Currency. Before the. Chicago. November 7, 2014

A COMPREHENSIVE INTER-AMERICAN CYBERSECURITY STRATEGY: A MULTIDIMENSIONAL AND MULTIDISCIPLINARY APPROACH TO CREATING A CULTURE OF CYBERSECURITY

Cybersecurity. Regional and Community Banks. Inherent Risks and Preparedness.

Comprehensive Guidelines for Supervision of Financial Instruments Business Operators, etc.

Defensible Strategy To. Cyber Incident Response

Managing Cyber Attacks

The Geospatial Approach to Cybersecurity: An Executive Overview. An Esri White Paper January 2014

European Commission Per

IBM Security Strategy

Can We Become Resilient to Cyber Attacks?

Annual Supervisory Policy for Insurance Companies, etc. for Program Year 2013

Information Technology Engineers Examination. Systems Auditor Examination. (Level 4) Syllabus

International Strategy on Cybersecurity Cooperation

Data Breach Response Planning: Laying the Right Foundation

aecert Roadmap Eng. Mohammed Gheyath Director, Technical Affairs TRA

information security risks and defenses

Cybersecurity Awareness for Executives

How To Be A Successful Company

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

What is Management Responsible For?

Trends and Tactics in Cyber- Terrorism

NATIONAL CYBER SECURITY AWARENESS MONTH

THE EVOLUTION OF CYBERSECURITY

How To Defend Yourself Against Cyber Attacks

Information Technology Engineers Examination. Information Technology Service Manager Examination. (Level 4) Syllabus

Top 5 Global Bank Selects Resolution1 for Cyber Incident Response.

Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION

WRITTEN TESTIMONY BEFORE THE HEARING ON FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN TARGET

Legislative Council Panel on Information Technology and Broadcasting. Information Security

Department of Management Services. Request for Information

ITU National Cybersecurity/CIIP Self-Assessment Toolkit. Background Information for National Pilot Tests

REPUBLIC OF LATVIA MINISTRY OF DEFENCE NATIONAL ARMED FORCES CYBER DEFENCE UNIT (CDU) CONCEPT

Cyber Security Recommendations October 29, 2002

ICBA Summary of FFIEC Cybersecurity Assessment Tool

The Importance of a Multistakeholder Approach to Cybersecurity Effectiveness

KEY STEPS FOLLOWING A DATA BREACH

2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP

Re: Big Data Request for Information

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector

Cybercrime and Regulatory Priorities for Cybersecurity

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.

Address C-level Cybersecurity issues to enable and secure Digital transformation

Information Technology Engineers Examination

State of Vermont. Intrusion Detection and Prevention Policy. Date: Approved by: Tom Pelham Policy Number:

Preventing Corporate Account Takeover Fraud

8/27/2015. Brad Schuette IT Manager City of Punta Gorda (941) Don t Wait Another Day

How To Improve The Shared Services Partnership Business Continuity Plan

Initiative for Cyber Security Information sharing Partnership of Japan (J-CSIP) Annual Activity Report FY2012

Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012

CYBER SECURITY INFORMATION SHARING & COLLABORATION

The European Response to the rising Cyber Threat

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015

Comprehensive Strategy on Information Security: Executive Summary

How To Write An Article On The European Cyberspace Policy And Security Strategy

Strategic Plan On-Demand Services April 2, 2015

GAO CRITICAL INFRASTRUCTURE PROTECTION. Comments on the Proposed Cyber Security Information Act of Testimony

SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE ( ) ON THIRD PARTY RELATIONSHIPS

The Second Action Plan on. Information Security Measures for. Critical Infrastructures. Safety as a matter of course for our daily lives

Client Update SEC Releases Updated Cybersecurity Examination Guidelines

Cybersecurity Awareness. Part 1

The trend of the Cyber Security and the efforts of NEC. December 9 th, 2015 NEC Corporation

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

Transcription:

The Policy Approaches to Strengthen Cyber Security in the Financial Sector (Summary) July 2, 2015 Financial Services Agency

1 Challenge for Cyber Security in Financial Sector (1) Necessity to Strengthen Cyber Security in Financial Sector The Financial Services Agency (FSA) has been conducting the supervision and inspection regarding cyber security management as a part of system risk control, etc. Now, the threat of cyber attacks is a significant risk for the stability of the financial system. It is necessary to enhance the resilience of the financial system by strengthening the cyber security of not only each financial institution but the financial industry as a whole. In the Cyber Security Basic Act enacted in November 2014, it is provided that the government takes measures in order to ensure the cyber security of critical infrastructure including the financial sector. Clarify the policy approach to address the threat of cyber attacks in the financial sector Situation Surrounding Cyber Security in Financial Sector Increased Internet use in the financial sector due to technical innovation Sophistication of cyber attacks (elaborate attack, and access facilitation to the attack technology) Threat of cyber-terrorism (need of preparation for the 2020 Tokyo Olympic and Paralympic Games)

2 Challenge for Cyber Security in Financial Sector (2) Scope of Cyber Security in Financial Sector Purpose of attacker Target Threat Existent risk management system Social Order Disruption Financial Institution Functional failure of financial institution, financial market, or financial infrastructure Leak of confidential Attacks directly from cyber space Internal attacks to cause a malware infection of the system (Insider Threat) Attacks directly from cyber space Internal attacks to cause a malware infection of the system (Insider Threat) Business Continuity Management, etc. Information Security Management, etc. Financial Gain Customer Illegal transactions such as fraudulent remittance Malware infection of financial institutions computers to cause illegal transactions such as fraudulent remittance Malware infection of customers computers to cause orders of money transfer to the financial institution against the customer s will, or phishing fraud, etc. Customer Protection, etc.

3 Five Policies to Strengthen Cyber Security in Financial Sector Basic Concept To enhance the cyber security initiatives in the financial sector, it is important to address this task by both public and private sectors together. Thus, the FSA will develop constructive dialogue on a regular basis based on the understanding that the FSA and financial institutions have a common purpose of ensuring cyber security, and the FSA will also address the five policies below in order to contribute to strengthening cyber security in the financial sector from the financial regulator s perspective. Five Policies 1. Constructive dialogue with financial institutions and grasp of their current condition regarding cyber security 2. Improvement of the sharing framework among financial institutions 3. Continuous implementation of industry-wide cyber security exercises 4. Cybersecurity human resource development in financial sector 5. Arrangement of cyber security initiatives in the FSA

1. Constructive Dialogue with Financial Institutions and Grasp of their Current Condition regarding Cyber Security The FSA will continue constructive dialogues to enhance the effectiveness of cyber security management systems of financial institutions. As a part of this process, the FSA will grasp the current condition regarding the cyber security of the whole financial sector this year through a questionnaire, and analyze issues associated with each type of financial institution. The FSA will give the financial institutions feedback through dialogue with them and encourage the financial institutions to conduct self-checks, etc. (Reference) Overview of the questionnaire items (draft) Functional failure of financial institution or financial infrastructure Leak of confidential Illegal transaction such as fraudulent remittance (attacks on financial institutions) Illegal transaction such as fraudulent remittance (attacks on customer) Identify Protect Detect Respond and Recover Resilient service provision Alert to customer Specific response - Grasp of the target ( asset, etc.) to protect against cyber attacks - Executive s recognition of the importance of cyber security - Periodical assessments of security levels - System development with the viewpoint of security management - Preparation of emergency response and early warning system in the organization - Preparation for collection and sharing through the sharing institutions, etc. - Defense in depth (measures at entry point, internal, and exit phases) - Timely response to system vulnerabilities - Formulation of contingency plan, and participation in industry-wide cyber security exercises - Monitoring for cyber attacks through the analysis of communication log data, etc. - Appropriate response in accordance with contingency plans - Combination of preventive measures including safer authentication methods - Enhancement of security levels of the customer s environment - Detection of anomaly transactions and notifications to the customer 4

2. Improvement of Information Sharing Framework among Financial Institutions The FSA will continuously raise awareness to financial institutions regarding the importance of collecting/providing and strengthening measures (immediate grasp of vulnerabilities, introduction of security control technology, etc.) through utilizing the sharing institution (Financials ISAC Japan, etc.). The FSA will voluntarily provide through industry groups (CEPTOAR) as necessary in addition to the provided by the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) under Cabinet Secretariat. The Center for Financial Industry Information Systems (FISC) will drastically raise the level of FISC Security Guidelines, and will publish the answers to inquiries from financial institutions regarding the interpretation of FISC Security Guidelines as Cyber Security reference. Other institutions related to security (JPCERT/CC, IPA, etc.) cooperation Share inquiry from financial institutions National Center of Incident Readiness and Strategy for Cybersecurity (NISC) Security incident Financial Services Agency Early warning Financials ISAC Japan cooperation FS-ISAC (USA) The Center for Financial Industry Information Systems (FISC) Security incident Formulate the FISC Security Guidelines for the Computer Systems of Financial Institutions Inquiry response CEPTOAR (Industry groups) (Information sharing and analysis) Alert as needed Alert Participate Information sharing among members Financial institutions in Japan 5

6 3. Continuous Implementation of Industry-wide Cyber Security Exercises To enhance the ability to deal with cyber attacks, it is effective to, through cyber security exercises, cultivate practical abilities, check the system, and conduct the PDCA cycle. The FSA will promptly consider concrete methods (responsible organization (including cooperation with other authorities/related institutions), purpose of exercise and scenario, etc.) in order to implement the industry-wide cyber security exercise involving related authorities, while using the exercises in foreign countries as a reference. 4. Cybersecurity human resource development in financial sector To strengthen cyber security, financial institutions staff such as not only IT engineers but also members of the board of directors and executives need to have a certain level of awareness and knowledge about cyber security. Also, it is necessary to improve the quality of human resources in the supervisory authority. After July 2015, the FSA will promote the following measures. Organize seminars to improve the awareness of Financial institution s Considering plans to develop human resources and to strengthen cyber security in the financial sector in cooperation with industry associations and sharing institutions Improving the expertise of the FSA s human resources (adoption of outside experts and education of internal personnel)

5. Arrangement of Cyber Security Initiatives in FSA To strengthen the cyber security of the whole financial system, the FSA immediately establishes a FSA s security division which collects and unifies relevant in the FSA, accumulates knowledge through utilizing outside experts, and coordinates the policy across the FSA. FSA Information Systems Management Office CSIRT of FSA Corporate Accounting and Disclosure Division (EDINET) Financial Markets Division National Center of Incident Readiness and Strategy for Cybersecurity Inspection Bureau (NISC) Cooperation Vice Commissioner for Policy Coordination Policy and Legal Division New division Supervisory Bureau Use of external specialist 1gather from Well-informed person and analyze 2gather from each departments and share 3help financial institutions to plan monitoring 4plan and discuss policy about strengthening of cyber security Opinion Office of International Affairs Securities and Exchange Surveillance Commission Attendance Cooperation International conference (argument about global regulation) Other authorities Public-private related institutions Well-informed person Monitoring(Inspection Supervisory) Financial Institutions such as Banks, Securities Companies, Insurance Companies the Financial Industry such as the securities exchange 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information