CyberSaint Announces $21M in Series A Funding!

Read the Release
Request Demo

Cybersecurity Frameworks

Leveraging FSSCC Cybersecurity Profile in the Financial Sector

down-arrow

2020 is a critical year for harmonizing financial services cybersecurity regulations and unifying them under the fsscc cybersecurity profile. 

The Financial Services Sector Coordinating Council (FSSCC) cybersecurity profile was created by leading institutions including the Bank Policy Institute (BPI), to fulfill the need for a more efficient, tailored, and easily communicated framework to assess against, align to, and leverage to improve cybersecurity resilience. The profile is designed for all financial institutions, financial services organizations from banking, asset management, broker-dealers, insurance, to market utilities. 

On October 25, 2018, the Financial Services Sector Coordinating Council (FSSCC) published the cybersecurity profile. The FSSCC publicized the cybersecurity profile across the industry, as it was created in partnership and collaboration between the American Bankers Association, Bank Policy Institute, the Institute of International Bankers, and other financial industry leaders.

The sector profile’s aim is to simplify the regulatory strain that financial institutions are under while providing a more sector-specific standard to benchmark their organizations against. By optimizing the requirements they assess themselves against as well as expediting the assessment process for those organizations, the financial services cybersecurity profile offers a "73% reduction for community institution assessment questions" when compared to the FFIEC CAT, according to FSSCC's published Benefits to Financial Institutions.

What Are Future Plans for the FSSCC Cybersecurity Profile?

The FSSCC’s survey results showed that Chief Information Security Officers from financial institutions indicated that nearly 40% of their time, and their teams’ time, was spent reconciling various cybersecurity and regulatory frameworks.

The Financial Sector Coordinating Council (FSSCC), the trade associations, financial institutions, and other organizations and thought leaders who helped in developing the profile have noted that consistent iterations and improvements to the profile are essential for financial services sector cybersecurity to stay ahead. Every 2-3 years, the group plans to update the FSSCC cybersecurity profile. Therefore, the FSSCC and other stakeholders will continue to shape the cybersecurity profile over several cycles, so financial institutions can benchmark themselves in the most effective way as the cybersecurity risk landscape changes. Other standards bodies already abide by this practice, such as the National Institute of Standards and Technology (NIST) and the International Standards Organization (ISO).

In the financial services industry, CISOs are already heavily burdened by regulatory requirements, made even more difficult to manage with the cybersecurity talent shortage. The FSSCC cybersecurity profile will give CISOs enterprise-wide visibility across their business units and LOBs, departments, and vendor risk management initiatives, and will allow them to benchmark their programs both internally and externally. Cybersecurity risk management will be more accessible and manageable using the sector profile as opposed to tools such as the FFIEC cybersecurity assessment tool (CAT), according to the FSSCC stakeholders and website.

Mappings from the FSSCC Cybersecurity Profile to Regulatory Requirements

Due to increased demand for industry mappings, the FSSCC cybersecurity profile has already been mapped to various regulatory compliance frameworks and standards, such as ISO27001 and CPMI-IOSCO’s “Guidance on Cyber Resilience for Financial Market Structures” and others. The FSSCC plans to release mappings on a rolling basis.

According to the FSSCC, “Many Financial Services Cyber-Related Proposals Describe Similar Concepts to the NIST Cybersecurity Framework (but with Different Terminology)”. Mappings between other financial sector compliance standards and the financial sector profile will aid in bolstering cyber risk management and accelerating potential for continuous compliance and improvement across the financial services industry. Examples of similar mappings between regulations, NIST subcategories, NIST categories, and NIST functions are below.

FSSCC Cybersecurity Profile

 

You may also like

March Product Update
on March 21, 2024

The CyberSaint team is dedicated to advancing the CyberStrong platform to meet your cyber risk management needs. These latest updates will empower you to benchmark your ...

Empowering Cyber Risk Modeling ...
on March 20, 2024

The practice of cyber risk management is cyclical. You start by assessing your cyber risk environment. That step includes identifying risks and classifying them in buckets. Then, ...

Leveraging the Executive Dashboard ...
on March 18, 2024

In the fast-paced business world, CISOs and C-suite executives constantly juggle multiple responsibilities, from budgeting to strategic planning. However, in today's digital ...

NIST CSF 2.0 Updates in CyberStrong
on March 20, 2024

The National Institute of Standards and Technology’s Cybersecurity Framework (CSF) is known in cybersecurity as the gold standard framework for cybersecurity and risk guidance; it ...

Building a Defensible Cyber ...
on March 11, 2024

Cyber threats are ever-present in the digital landscape. Just as a hero needs a trusty map, organizations need a cyber security risk management plan to navigate the dynamic and ...

Demystifying the Maze: A Guide to ...
on March 4, 2024

Cybersecurity is no longer just about firewalls and antivirus software. In today's data-driven world, effectively managing cybersecurity risk requires quantification: turning ...