Bank of England unveils cyber security framework

Financial services sector steps up fight against cyber criminals with rollout of new scheme

Malicious code

The Bank of England has launched an IT security framework aimed at helping the wider financial services sector prepare itself for the onslaught of a cyber attack.

The CBEST framework is designed to help financial services organisations share details of prospective threats, ensure their defences can withstand a sophisticated and persistent cyber attack, and help them pinpoint vulnerabilities within their infrastructure.

Advertisement - Article continues below

Companies are set to be provided with detailed information about security threats, realistic penetration testing schemes, and the expertise of cyber threat intelligence analysts.

The initiative was announced today by Andrew Gracie, executive director of resolution at the Bank of England, who confirmed the framework would have access to threat intelligence reports from the government and private sector.

"The idea of CBEST is to bring together the best available threat intelligence from government and elsewhere, tailored to the business model and operations of individual firms, to be delivered with live tests, within a controlled testing environment," he said.

"The results should provide a direct readout on a firm's capability to withstand cyber attacks that on the basis of current intelligence have the most potential, combining probability and impact, to have an adverse impact on financial stability."

The framework's creation has been overseen by the Bank of England, the Treasury and the Financial Conduct Authority, and has also featured input from not-for-profit information security group CREST.

Advertisement - Article continues below
Advertisement - Article continues below

The organisation has been heavily involved with developing new accreditations for the penetration testing aspect of the framework.

Ian Glover, president of CREST, explained: "Although existing penetration testing services in the financial services sector have provided a good level of assurance against traditional attacks, they do not address more sophisticated cyber attacks on critical assets.

"CBEST tests have been designed to replicate the behaviours of serious threat actors, assessed by Government and commercial intelligence providers as posing a genuine threat to important financial institutions."

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now



10 quick tips to identifying phishing emails

16 Mar 2020
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020