Pension Funds
The Pensions Administration Standards Association has published its cybersecurity guidance for U.K. pension plans, a news release said Thursday.
The guide consists of five sections: controls and incident management, governance, risk assessment and risk management.
In risk assessment, for example, pension plans need to understand which assets they need to protect, such as participants’ personal data; identify threats to those assets; identify risk by considering threat likelihood; establish controls to mitigate threats and assess the effectiveness of those controls; and determine whether the resultant risk is acceptable.
Controls that can mitigate cybersecurity risks include monitoring and logging, penetration testing, business continuity/disaster recovery, data protection, reviewing the infrastructure to make sure it’s appropriate given identified risks, and keeping data…