<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

Cybersecurity Frameworks

Leveraging FSSCC Cybersecurity Profile in the Financial Sector

down-arrow

2020 is a critical year for harmonizing financial services cybersecurity regulations and unifying them under the fsscc cybersecurity profile. 

The Financial Services Sector Coordinating Council (FSSCC) cybersecurity profile was created by leading institutions including the Bank Policy Institute (BPI), to fulfill the need for a more efficient, tailored, and easily communicated framework to assess against, align to, and leverage to improve cybersecurity resilience. The profile is designed for all financial institutions, financial services organizations from banking, asset management, broker-dealers, insurance, to market utilities. 

On October 25, 2018, the Financial Services Sector Coordinating Council (FSSCC) published the cybersecurity profile. The FSSCC publicized the cybersecurity profile across the industry, as it was created in partnership and collaboration between the American Bankers Association, Bank Policy Institute, the Institute of International Bankers, and other financial industry leaders.

The sector profile’s aim is to simplify the regulatory strain that financial institutions are under while providing a more sector-specific standard to benchmark their organizations against. By optimizing the requirements they assess themselves against as well as expediting the assessment process for those organizations, the financial services cybersecurity profile offers a "73% reduction for community institution assessment questions" when compared to the FFIEC CAT, according to FSSCC's published Benefits to Financial Institutions.

 

What Are Future Plans for the FSSCC Cybersecurity Profile?

The FSSCC’s survey results showed that Chief Information Security Officers from financial institutions indicated that nearly 40% of their time, and their teams’ time, was spent reconciling various cybersecurity and regulatory frameworks.

The Financial Sector Coordinating Council (FSSCC), the trade associations, financial institutions, and other organizations and thought leaders who helped in developing the profile have noted that consistent iterations and improvements to the profile are essential for financial services sector cybersecurity to stay ahead. Every 2-3 years, the group plans to update the FSSCC cybersecurity profile. Therefore, the FSSCC and other stakeholders will continue to shape the cybersecurity profile over several cycles, so financial institutions can benchmark themselves in the most effective way as the cybersecurity risk landscape changes. Other standards bodies already abide by this practice, such as the National Institute of Standards and Technology (NIST) and the International Standards Organization (ISO).

In the financial services industry, CISOs are already heavily burdened by regulatory requirements, made even more difficult to manage with the cybersecurity talent shortage. The FSSCC cybersecurity profile will give CISOs enterprise-wide visibility across their business units and LOBs, departments, vendor risk management initiatives, and will allow them to benchmark their programs both internal and external. Cybersecurity risk management will be more accessible and manageable using the sector profile as opposed to tools such as the FFIEC cybersecurity assessment tool (CAT), according to the FSSCC stakeholders and website.

 

Mappings from the FSSCC Cybersecurity Profile to Regulatory Requirements

Due to increased demand for industry mappings, the FSSCC cybersecurity profile has already been mapped to various regulatory compliance frameworks and standards, such as ISO27001 and CPMI-IOSCO’s “Guidance on Cyber Resilience for Financial Market Structures” and others. The FSSCC plans to release mappings on a rolling basis.

According to the FSSCC, “Many Financial Services Cyber-Related Proposals Describe Similar Concepts to the NIST Cybersecurity Framework (but with Different Terminology)”. Mappings between other financial sector compliance standards and the financial sector profile will aid in bolstering cyber risk management and accelerating potential for continuous compliance and improvement across the financial services industry. Examples of similar mappings between regulations, NIST subcategories, NIST categories, and NIST functions are below.

FSSCC Cybersecurity Profile

 

You may also like

Modern-Day Cybersecurity ...
on October 22, 2021

A CISO is responsible for many things in an enterprise. They are in charge of establishing security and governance practices, identifying security objectives, enabling a framework ...

Aligning Security and Privacy ...
on October 8, 2021

For too long, companies have made the mistake of separating privacy and security regulation. This has led to numerous security gaps that cybercriminals have exploited and ...

New Gartner Report Identifies ...
on September 15, 2021

With a variety of risks growing out of the pandemic, cybersecurity control failures was listed as the top executive concern during Q1 2021. According to the Gartner Emerging Risks ...

Why IOT in the Commercial ...
on September 14, 2021

Every month there seems to be a new device that changes the way we travel, communicate, conduct business, and live our personal lives. The transformation promises efficiency and ...

Why the Chemical Sector is ...
on September 1, 2021

The chemical sector encompasses more than 70,000 diverse products that are critical to the modern global infrastructure. Several thousand chemical facilities ship, manufacture, ...

Kyndall Elliott
What Does the Future of Risk ...
on August 31, 2021

Cyber risk is the top concern for water and wastewater systems. With government intelligence confirming cyber attacks staged by Russia and Iran, utilities need strong risk ...