Bank of England unveils cyber security framework
Financial services sector steps up fight against cyber criminals with rollout of new scheme
The Bank of England has launched an IT security framework aimed at helping the wider financial services sector prepare itself for the onslaught of a cyber attack.
The CBEST framework is designed to help financial services organisations share details of prospective threats, ensure their defences can withstand a sophisticated and persistent cyber attack, and help them pinpoint vulnerabilities within their infrastructure.
Companies are set to be provided with detailed information about security threats, realistic penetration testing schemes, and the expertise of cyber threat intelligence analysts.
The initiative was announced today by Andrew Gracie, executive director of resolution at the Bank of England, who confirmed the framework would have access to threat intelligence reports from the government and private sector.
"The idea of CBEST is to bring together the best available threat intelligence from government and elsewhere, tailored to the business model and operations of individual firms, to be delivered with live tests, within a controlled testing environment," he said.
"The results should provide a direct readout on a firm's capability to withstand cyber attacks that on the basis of current intelligence have the most potential, combining probability and impact, to have an adverse impact on financial stability."
The framework's creation has been overseen by the Bank of England, the Treasury and the Financial Conduct Authority, and has also featured input from not-for-profit information security group CREST.
The organisation has been heavily involved with developing new accreditations for the penetration testing aspect of the framework.
Ian Glover, president of CREST, explained: "Although existing penetration testing services in the financial services sector have provided a good level of assurance against traditional attacks, they do not address more sophisticated cyber attacks on critical assets.
"CBEST tests have been designed to replicate the behaviours of serious threat actors, assessed by Government and commercial intelligence providers as posing a genuine threat to important financial institutions."
Top 5 challenges of migrating applications to the cloud
Explore how VMware Cloud on AWS helps to address common cloud migration challengesDownload now
3 reasons why now is the time to rethink your network
Changing requirements call for new solutionsDownload now
All-flash buyer’s guide
Tips for evaluating Solid-State ArraysDownload now
Enabling enterprise machine and deep learning with intelligent storage
The power of AI can only be realised through efficient and performant delivery of dataDownload now