<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

Cybersecurity Frameworks

Leveraging FSSCC Cybersecurity Profile in the Financial Sector

down-arrow

2020 is a critical year for harmonizing financial services cybersecurity regulations and unifying them under the fsscc cybersecurity profile. 

The Financial Services Sector Coordinating Council (FSSCC) cybersecurity profile was created by leading institutions including the Bank Policy Institute (BPI), to fulfill the need for a more efficient, tailored, and easily communicated framework to assess against, align to, and leverage to improve cybersecurity resilience. The profile is designed for all financial institutions, financial services organizations from banking, asset management, broker-dealers, insurance, to market utilities. 

On October 25, 2018, the Financial Services Sector Coordinating Council (FSSCC) published the cybersecurity profile. The FSSCC publicized the cybersecurity profile across the industry, as it was created in partnership and collaboration between the American Bankers Association, Bank Policy Institute, the Institute of International Bankers, and other financial industry leaders.

The sector profile’s aim is to simplify the regulatory strain that financial institutions are under while providing a more sector-specific standard to benchmark their organizations against. By optimizing the requirements they assess themselves against as well as expediting the assessment process for those organizations, the financial services cybersecurity profile offers a "73% reduction for community institution assessment questions" when compared to the FFIEC CAT, according to FSSCC's published Benefits to Financial Institutions.

 

What Are Future Plans for the FSSCC Cybersecurity Profile?

The FSSCC’s survey results showed that Chief Information Security Officers from financial institutions indicated that nearly 40% of their time, and their teams’ time, was spent reconciling various cybersecurity and regulatory frameworks.

The Financial Sector Coordinating Council (FSSCC), the trade associations, financial institutions, and other organizations and thought leaders who helped in developing the profile have noted that consistent iterations and improvements to the profile are essential for financial services sector cybersecurity to stay ahead. Every 2-3 years, the group plans to update the FSSCC cybersecurity profile. Therefore, the FSSCC and other stakeholders will continue to shape the cybersecurity profile over several cycles, so financial institutions can benchmark themselves in the most effective way as the cybersecurity risk landscape changes. Other standards bodies already abide by this practice, such as the National Institute of Standards and Technology (NIST) and the International Standards Organization (ISO).

In the financial services industry, CISOs are already heavily burdened by regulatory requirements, made even more difficult to manage with the cybersecurity talent shortage. The FSSCC cybersecurity profile will give CISOs enterprise-wide visibility across their business units and LOBs, departments, vendor risk management initiatives, and will allow them to benchmark their programs both internal and external. Cybersecurity risk management will be more accessible and manageable using the sector profile as opposed to tools such as the FFIEC cybersecurity assessment tool (CAT), according to the FSSCC stakeholders and website.

 

Mappings from the FSSCC Cybersecurity Profile to Regulatory Requirements

Due to increased demand for industry mappings, the FSSCC cybersecurity profile has already been mapped to various regulatory compliance frameworks and standards, such as ISO27001 and CPMI-IOSCO’s “Guidance on Cyber Resilience for Financial Market Structures” and others. The FSSCC plans to release mappings on a rolling basis.

According to the FSSCC, “Many Financial Services Cyber-Related Proposals Describe Similar Concepts to the NIST Cybersecurity Framework (but with Different Terminology)”. Mappings between other financial sector compliance standards and the financial sector profile will aid in bolstering cyber risk management and accelerating potential for continuous compliance and improvement across the financial services industry. Examples of similar mappings between regulations, NIST subcategories, NIST categories, and NIST functions are below.

FSSCC Cybersecurity Profile

 

You may also like

How Does FAIR Fit into ...
on September 26, 2022

The Factor Analysis of Information Risk (FAIR) methodology breaks down risk into elements that organizations can compute, understand, analyze and quantify cyber threats and their ...

All-in-One Cybersecurity Board ...
on September 19, 2022

CISOs and Board Members can no longer ignore the importance of cybersecurity. New cyber attacks and threats surface every week and threaten the security of business operations. ...

Rules for Effective Cyber Risk ...
on September 12, 2022

Cybersecurity threats are becoming more challenging for businesses. According to PurpleSec’s Cyber Security Trend Report in 2021, cybercrime surged by 600% during the pandemic, ...

A Pocket Guide to Factor Analysis ...
on September 14, 2022

FAIR, short for Factor Analysis of Information Risk, is a risk quantification methodology founded to help businesses evaluate information risks. FAIR is the only international ...

Your Guide to Cyber Risk ...
on August 30, 2022

During the pandemic, online businesses flourished as people turned to e-commerce stores to shop from the comfort and safety of their homes. This unprecedented expansion of ...

Pros and Cons of Continual ...
on July 22, 2022

The cybersecurity landscape is constantly changing with the hackers that threaten this industry continually advancing their attack techniques. According to the Sophos 2022 Threat ...