MAS Revises Technology Risk Management Guidelines for ...
Demystifying the MAS’ 2021 Technology Risk Management Guidelines

With the rising numbers and scale of cyberattacks, the Monetary Authority of Singapore (MAS) revised its technology risk management (TRM) guidelines on January 18, 2021. The TRM guidelines apply to all financial institutions (FIs) that MAS regulates, ranging from large ones like banks, insurers and exchanges to small ones like venture capital managers and payments services firms.

The TRM guidelines address increased reliance on emerging technologies like cloud computing, application programming interfaces (APIs) and rapid software development and the fast-changing cyber threat landscape. We view the 2021 version as a “best practice framework” for FIs, outlining governance practices and internal controls to pre-empt and address current risks, that adopts most of the prior 2013 version as a base.
Beyond addressing new technologies deployed today, the 2021 guidelines significantly emphasize the need for cybersecurity and defence. To illustrate, in the 2013 guidelines, we found that the word “cyber” appeared four times, always in the context of “cyberattack.” Reflecting how much the concept of cyber risk has developed in significance and sophistication over eight years, in the 2021 version, “cyber” appears 74 times and is used to express a host of phenomena like “risk,” “threat,” “resilience,” “security,” “criminals,” “incidents,” “events,” “intelligence,” “exercises” and “range.”

Here are some of our key takeaways from the 2021 version of the TRM guidelines:

More Focus on the Board of Directors and Senior Management Being Able to Understand and Manage Technology Risk, Including Cyber Risk

Both the 2013 and 2021 guidelines require the board of directors and senior management (BSM) to ensure that a TRM framework is established and maintained and oversee the same. The 2021 guidelines add that the BSM should ensure the appointments of a Chief Information Officer (or its equivalent) and a Chief Information Security Officer (or its equivalent) with requisite experience and expertise. The MAS does allow for modification of this requirement in small firms with a limited headcount. However, the fact that the 2021 guidelines also state that the board should be trained on technology risk and TRM practices clearly shows that MAS would like to see BSM keep up with rapid developments in technology risk.

Extending TRM to All Third Parties, Not Just Outsourced Service Providers

While the 2013 version considered third-party IT risk from outsourcing, the 2021 version recognizes that an FI’s use of services of any third party delivered using IT or involving a third party storing or electronically processing confidential or sensitive customer information poses risk if the third party has a system failure or security breach. The 2021 version thus asks FIs to assess and manage all third-party IT risks before entering into a contractual agreement or partnership and ensure that the third party employs a high standard of care and diligence concerning data confidentiality and system resilience.
New Section on Software Application Development and Management

Acknowledging that FIs are increasingly developing in-house software, the 2021 version has a section outlining standards that FIs should adopt on secure coding, source code review and application security testing. The section also addresses an FI’s use of third-party and open-source software codes and the development and provision of application programming interfaces (APIs).

Enhanced Data and Infrastructure Security in Light of New Technologies

While the 2013 version already set out measures to guard against cyberattacks, the 2021 revision has enhancements that address prevailing phenomena like Bring Your Own Device (BYOD), virtualization and the Internet of Things.

New Section on Cyber Security Operations

The 2021 guidelines ask FIs to collect and process information on cyber events, threat intelligence and system vulnerabilities and assess the potential impact to the FI’s business and IT environment. FIs should also actively exchange timely and actionable cyber threat information with trusted parties while being alive to relevant misinformation. FIs should also establish a security operations center or acquire managed security services to monitor for attempted or actual cyberattacks and establish a cyber incident response and management plan to resolve cyber threats and resume affected services.

Added Measures to Assess the Firm’s Cyber Security

The 2013 version already prescribed vulnerability assessment and penetration testing. The 2021 version adds that FIs should carry out regular scenario-based exercises such as social engineering, tabletop or cyber range exercises to check the FI’s response, recovery and communication plans against cyber threats. The FIs should also perform an adversarial attack simulation exercise. This provides a more realistic picture of an FI’s capability to prevent, detect and respond to real adversaries by simulating the tactics, techniques and procedures of real-world attackers to target people, processes and technology underpinning the FI’s critical business functions or services. The 2021 guidelines also suggest what remediation should be established to track and resolve issues identified from cybersecurity assessments or exercises.
Appropriately implemented, the revised guidelines will bolster the preparedness of Singapore’s financial ecosystem and place firms on firmer footing as they navigate a post-COVID-19 climate.

This article was originally published on Fintech News Singapore.

Publication date: 2021-04-05