ICT & Cyber resilience
Operational disruption to important business services could impact financial stability, threaten the safety and soundness of individual firms and FMIs, and cause harm to consumers and other market participants in the financial system. In this context, firms and FMIs should assess their cyber risk and build adequate resilience capabilities to prepare for, and respond to, cyber events and incidents that could cause operational disruption. To maintain the cyber resilience of the financial sector and to support our supervisory oversight, we have developed cyber assessment tools. They include CBEST, STAR-FS and CQUEST.
CBEST
CBEST provides a framework for regulators to work with firms using a simulated cyberattack. This allows firms to explore how to disrupt an attack on the people, processes and technology of cyber security controls. We base the simulated attacks used on present cyber threats. These include the approach a threat actor may take to attack a firm and how they might exploit a its online information.
The aim of CBEST is to:
- test a firm’s defences
- assess its threat intelligence capability
- assess its ability to detect and…
