Sunday , December 8 2019
Home / Bank of International Settlement / Varying shades of red: how red team testing frameworks can enhance the cyber resilience of financial institutions

Varying shades of red: how red team testing frameworks can enhance the cyber resilience of financial institutions

Summary:
FSI Papers  |  No 21  |  15 November 2019 by  Jermy Prenio, Jeffery Yong and Raymond Kleijmeer PDF full text (377kb)  |  20 pages Executive Summary (89 KB, PDF) Financial institutions use a range of testing activities to assess their cyber resilience capabilities. While each type of test has its intended objective, there is recognition of the importance of threat intelligence-led simulation of real-life cyber attacks through red team tests. Red team tests are useful to identify potential weaknesses in financial institutions' cyber protection, detection and response

Topics:
International Settlement considers the following as important:

This could be interesting, too:

Bank of Japan writes Remarks by Governor Kuroda at the Asia Pacific Initiative Forum (A Perspective on the Future of Asia)

Jp Koning writes A way to make anonymous online donations

Amol Agrawal writes The Problem With “Green” Monetary Policy

Amol Agrawal writes Time for e-Euro?

FSI Papers  |  No 21  | 
15 November 2019
PDF full text
 (377kb)
 |  20 pages

Financial institutions use a range of testing activities to assess their cyber resilience capabilities. While each type of test has its intended objective, there is recognition of the importance of threat intelligence-led simulation of real-life cyber attacks through red team tests. Red team tests are useful to identify potential weaknesses in financial institutions' cyber protection, detection and response capabilities that are then addressed by an effective remediation plan. In recent years, a number of jurisdictions have established frameworks for red team testing mainly for large and critical financial institutions. These frameworks share a number of common elements, but the objectives and implementation details differ. Coordinated cross-border red team testing by financial institutions is necessary to avoid jurisdictional blind spots and minimise unnecessary duplication of efforts by firms and authorities. In this regard, we observe that certain authorities may be prepared to recognise red team testing conducted under another jurisdiction's framework if certain conditions are met.

JEL classification:  G18, M15

International Settlement
The Bank for International Settlements (BIS) is an international company limited by shares owned by central banks which "fosters international monetary and financial cooperation and serves as a bank for central banks". The BIS carries out its work through subcommittees, the secretariats it hosts and through an annual general meeting of all member banks. It also provides banking services, but only to central banks and other international organizations. It is based in Basel, Switzerland, with representative offices in Hong Kong and Mexico City.

Leave a Reply

Your email address will not be published. Required fields are marked *