MAS technology risk management GuidelinesTechnology riskRisk management FrameworkPwC technology risk managementTechnology risk Management FrameworkMas Technology Risk Management Guidelines | Ideagen
文章推薦指數: 80 %
Singapore tightens MAS technology risk management guidelines following wave of cyber security attacks across the sector. Find out more. Home ThoughtLeadership Blog SingaporetightensMAStechnologyriskmanagementguidelines SingaporetightensMAStechnologyriskmanagementguidelinesfollowingcybersecurityattacks 02April2021 SingaporetightensMAStechnologyriskmanagementguidelinesfollowingcybersecurityattacks Sharethis TheMonetaryAuthorityofSingapore(MAS)technologyriskmanagementguidelineshavebeenrevisedforfinancialinstitutions(FIs)inresponsetoawaveofcybersecurityattacksacrossthesector. Globally,cybersecurityattackstargetingFIshavebeenontheincrease.So,itisnosurprisethatoneofthemostcyber-readystatesinAsiahasseenariseinattacks. WhyhavetheMASTRMguidelinesbeenrevised? Regulatedfinancialandinsurancefirmshaveseenanincreasedrelianceondigitaltechnologiesinordertodealwiththepandemic,improveoperationalefficiencyanddeliverbetterandmoreconvenientcustomerservices.However,thisreliancehasledtoamoreaccessibleplatformforcybercriminalstotarget. Thenewcomplianceprocedurescanalsobeseenastimelyandcrucialwhenitcomestonationwidedigitalisation,anadvanceinintelligentcybercriminalsandthelatestcyber-attackstosupplychains,whereestablishednetworkmanagementsoftwarebecameavictim. HowwillthenewMAStechnologyriskmanagementguidelinesaffectFinancialinstitutions? FinancialinstitutionsinSingaporemustnowadheretofurthercompliancemeasureswhenmanagingtheirITinfrastructureandvendorsinordertomitigateanyposingcyberthreats. Thenewregulationsareawaytoprotectdataconfidentialityandimposemuch-neededsupervisionofpartnershipswiththird-partyserviceproviders. TheamendedguidelinesintroduceMAS’ssharperexpectationsforfinancialinstitutions’cyberriskmanagementstandardsandpractices.Someoftherevisedregulationsareasfollows: Expandedresponsibilitiesfortheboardofdirectorsandseniormanagement TheBoardofDirectorsandseniormanagementoffinancialinstitutesnowhaveaconsiderablylargerresponsibilityformanagingtechnologyriskandcybersecurityattacks. FirmshavebeenadvisedtoappointaChiefInformationOfficerandaChiefInformationSecurityOfficerwiththerightexpertisetooverseeandmanagetheFI’stechnologyandcyberrisks. TheboardofdirectorsmustapprovetheriskappetiteandrisktolerancestatementandensurecrucialITdecisionsaremadeinagreementwiththeFI’sriskappetite. Riskmanagementfornewtechnologies Theguidelinesnowincludemorestringentrequirementsforadvancedtechnologies,suchasthird-partyaccessofAPIs(applicationprogramminginterface),virtualisationofmachinesandInternetofThingsdevices. BeforefacilitatinganythirdpartiestoaccessAPIs,financialinstitutionsmustimplementanarrayofsecuritymeasures,suchasestablishingsecuritystandardsfordesigninganddevelopingsecureAPIsandperformingrobustsecurityscreening. Cybersecurityoperations Financialinstitutionsmustnowprovidespecificinformationonhowtheyaremitigatingcybersecurityrisks.Firmsmusttakeaproactiveapproachtodigitallydefendingtheirdata. Theguidelinesrecommendthatcorporationsshouldobtaincyberintelligencemonitoringservicesandestablishacyberincidentresponseandmanagementplantoisolatecurrentcyberthreatsandmitigateanyfutureones. Firmsshouldreviewandupdatetheirexistingprocesses,evaluatingthetypesoftechnologiestheyimplementandassessingwhethermorestringentsecuritymeasuresareneeded,whilstreportingandsharinganyfindingswithinthefinancialecosystem. TheMASsaidinastatementthatthenewamendmentsareexpectedtohelpbusinessestoperseverewiththeever-advancingtechnologiesaswellaschangesintheexistingcybersecuritythreatlandscape.MASexpectsallfinancialinstitutionstotakestepstoguaranteethattheirbusinessoperationscomplywiththe2021Guidelines. InresponsetocomplyingwiththenewMAStechnologyriskmanagementguidelines,yourcompanymayneedtoimplementasystematicandevidentialapproachtoaccountabilityandcompetency,whichcanbeadauntingprocess.PentanaCompliancegivesyourbusinessallthetoolsyouneedtofacilitateeffectiveregulatorycompliance,allowingfirmstostreamlinebusinessprocessesandprovidesregulatorsandstakeholderscompleteassurancethateveryaspectofpeopleandprocessregulationisaddressed. Writtenby ChloeWeaver AsIdeagen’sContentMarketingExecutive,Chloeproducesengagingcontenttoinformandeducatecustomersontheintricateworldofquality,audit,riskandcompliance.Withajournalisticbackgroundinrenewableandnuclearenergy,Chloeispassionateaboutcreatingcontenttoeducate,enlightenandinspirecustomers. Relatedblogposts Herearesomemoreblogpoststhatyoumightbeinterestedin. 01April2021 Whatisriskmanagement? byAbbieGlossop Riskscancomefromanywhereandorganisationsacrossallindustriesfacethem.Whatmattersishowyoudealwiththem,whichiswhereriskmanagementcomesin.Butexactlywhatisriskmanagement? Thisblogwilltakeriskmanagementbackt... Continuereading Findthebestproductforyou Useourproductassistancetoolandgetrecommendationsbasedonyourbusinessneeds. Let'sgetstarted Dismiss MyBusinessNeed Thiswillhelpusidentifythebestsoftwareproductforyou. Whatdoyouneedtheproducttohelpyouwith?(Youcanselectupto5): Pleaseselect… Pleaseselectatleastonebusinessneed AddAnotherNeed OK,Next TellUsMore Pleasesharesomefurtherdetailsowecanrefineyourproductrecommendations. Whichtypeofriskdoyoumanage? Pleaseselect… Pleaseselectatypeofrisk Previous GetResults
延伸文章資訊
- 1MAS Revises Technology Risk Management Guidelines for ...
With the rising numbers and scale of cyberattacks, the Monetary Authority of Singapore (MAS) revi...
- 2What Is Technology Risk? - RiskLens
- 3Technology Risk Management - The Definitive Guide | LeanIX
- 4Risk Management Policy
- 5What Risk Management Technology Should You Use?
