Codeveloped Operational Resilience Assessment Aids Banking Sector in Reducing Operational Risk from Destructive Cyber Attacks and Adverse Events
HERNDON, Va., October 27, 2021--(BUSINESS WIRE)--The Global Resilience Federation (GRF) led team, including TrustMAPP, was awarded most "Effective/Impactful" in the Federal Deposit Insurance Corporation (FDIC) technology sprint competition, "From Hurricanes to Ransomware: Measuring Resilience in the Banking World." GRF presented the GRF-developed Operational Resilience Framework, coupled with a TrustMAPP designed security assessment that, together, can help measure and improve an organization’s resilience to destructive attacks and adverse events.
"We were pleased to participate in the FDIC tech sprint contest and could not be happier to have won the Effectiveness/Impact category against some impressive competition," said Mark Orsi, President of GRF. "We’ve been working hard with representatives from several industries to develop tools that help companies continue their critical services to their customers and business partners while facing major hazards."
The FDIC competition evaluated solutions from six teams developing tools and processes to assess resilience against major disruptions. The Effectiveness/Impact category was determined under the conditions:
To what degree did the approach have the potential to lead to a universal set of measures with a testing mechanism that may be used by all banks while protecting proprietary data, including consumer data, and critical systems and operations? In addition, how did the approach add value for a variety of stakeholders, particularly small to midsize financial institutions?
A panel reviewing presentations included representatives from FDIC, the Office of the Comptroller of the Currency, the Securities and Exchange Commission, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency, and the National Institute of Standards and Technology.
TrustMAPP CISO and CTO Allan Alford said, "This competition was important in two ways. First, it ratified steps we’ve taken in developing a TrustMAPP module useful for security practitioners in the financial services sector to establish and enhance operational resilience. Secondly, it validated the multi-sector applicability of the assessment and the Operational Resilience Framework. This is a big win."
The GRF’s Operational Resilience Framework is being developed by a multi-sector group of security practitioners to reduce operational risk, minimize service disruptions and limit systemic impacts from destructive attacks and adverse events. The framework will include rules, a reference architecture and implementation tools aligned to standards and existing vendor solutions to ensure the immutable and recoverable nature of data, systems, networks, applications and configurations.
"The FDIC Tech Sprint was specific to the banking industry, but what we are developing is applicable to all sectors," said Trey Maust, Chair of the Operational Resilience Framework Working Group & Executive Chairman of Lewis & Clark Bank. "Discussion of user and business data backups has been around for years, but in today’s threat environment, we need to go further to maintain continuity of critical services within predetermined impact tolerances. A bank can’t go down for days or weeks, restore services to pre-event levels, and call it a success."
Read more on the competition from FDIC: https://www.fdic.gov/news/press-releases/2021/pr21091.html
Global Resilience Federation (GRF) is a non-profit hub and integrator for support, analysis, and cross-sector intelligence exchange among information sharing and analysis centers (ISACs), organizations (ISAOs), and computer emergency readiness/response teams (CERTs). GRF’s mission is to help assure the resilience of critical and essential infrastructure against threats that could significantly impact the orderly functioning of the global economy and general safety of the public. Learn about the GRF’s Business Resilience Council developing the Operational Resilience Framework: https://www.grf.org/brc. You may also visit @GRFederation on Twitter or Global Resilience Federation on LinkedIn. Media inquiries may be directed to Patrick McGlone at firstname.lastname@example.org
TrustMAPP delivers continuous Cybersecurity Performance Management, giving CISOs a real-time view of the effectiveness of their cybersecurity program. TrustMAPP tells you where you are, where you’re going, and what it will take to get there. From a single source of data, an organization’s security posture is visible based on stakeholder perspective: CISO, C-Suite, and Board. TrustMAPP gives organizations the ability to manage security as a business, quantifying and prioritizing remediation actions and costs. Please visit trustmapp.com to learn more and also visit @TrustMAPP on Twitter and TrustMAPP on LinkedIn. General inquiries should be directed to email@example.com. Press and analyst inquiries should be sent to firstname.lastname@example.org.
View source version on businesswire.com: https://www.businesswire.com/news/home/20211027005158/en/
Patrick McGlone, email@example.com