News

SUBSCRIBE to our weekly e-mail (with live links) for just €5 per month
+++++++++++++++

ELEC Paper: Why EU Capital Markets Union has become a “must have” and how to get there -Feb 2024

My collected papers - 1989/1993: Market Discipline in EMU

Public Information

Expand

Graham Bishop Consultancy

Friends of GrahamBishop.com

Brussels 4 Breakfast

CPD / Education and Learning

Graham Bishop - Biography

Graham's Blogs

Graham's Media Activities

Graham's Speeches

Graham's Writing

Press Resources

Photographs

My `pro bono' work

How you can support this work

Why my `pro bono' work is relevant to markets

Technical Difficulties

Privacy Policy

Terms and Conditions

Tweets by @GrahamBishopcom

Follow @GrahamBishopcom

Article List:

ESAs: Joint Consume...
Bloomberg: Europe se...
Reuters: EU legal op...
Bloomberg: ECB likel...
Wall Street Journal:...
EU: Publication of t...
Eurogroup agrees ope...
>>BoE launches new fra...
BIS/Hakkarainen: Ban...
EC: Legal obstacles ...
ECB introduces a neg...
ECB: Launch of the S...
DRS LLP: Basel III s...
BIS/Caruana: Financi...
Regulation on extens...

Home>Banking Union

Print Page Save to My Library <Next Article Previous Article>

10 June 2014

BoE launches new framework to test for cyber vulnerabilities

In a speech Andrew Gracie, Executive Director at the Bank of England, formally launched a new framework to help identify areas where the financial sector could be vulnerable to sophisticated cyber-attack.

The new framework called CBEST uses intelligence from Government and accredited commercial providers to identify potential attackers to a particular financial institution. It then replicates the techniques these potential attackers use in order to test the extent to which they may be successful in penetrating the defences of the institution. On completion of the test there will be workshops for the firm to work through the results with the testers and supervisors.

CBEST provides the following:

access to considered and consistent cyber threat intelligence, ethically and legally sourced from organisations that have been assessed against rigorous standards;

access to knowledgeable, skilled and competent cyber threat intelligence analysts who have a detailed understanding of the financial services sector;

realistic penetration tests that replicate sophisticated, current attacks based on current and targeted cyber threat intelligence;

standard key performance indicators that can be used to assess the maturity of the organisation’s ability to detect and respond to cyber-attacks; and

access to benchmark information that can be used to assess other parts of the financial services industry.

The combination of these will allow a firm to understand where they are vulnerable. They will then be better prepared to implement remediation plans. The inclusion of specific cyber threat intelligence will ensure that the tests replicate, as closely as possible, the evolving threat landscape and therefore will remain relevant.

CBEST differs from other security testing currently undertaken by the financial services sector because it uses real threat intelligence and focuses on the more sophisticated and persistent attacks on critical systems and essential services. The implementation of CBEST will help the boards of financial firms, infrastructure providers and regulators to improve their understanding of the types of cyber-attack that could undermine financial stability in the UK, the extent to which the UK financial sector is vulnerable to those attacks and how effective the detection and recovery processes are.

Full news

Full speech

© Bank of England

< Next Previous >

Key
Hover over the blue highlighted text to view the acronym meaning
Hover over these icons for more information

Comments:

No Comments for this Article

Add new comment

Show name and company details

Follow Us

News

Public Information

Article List:

10 June 2014

BoE launches new framework to test for cyber vulnerabilities

© Bank of England

Key

Comments: