CyberSaint updates support financial services sector risk management

01-10-2020

CyberSaint, a US developer of a platform for automated cybersecurity programme management, has released new features supporting the Financial Services Sector Cybersecurity Profile within its CyberStrong platform.

The Financial Services Sector Cybersecurity Profile is a scalable and extensible assessment that financial institutions of all types can use for internal and external (ie, third party) cyber risk management assessment and as a mechanism to evidence compliance with various regulatory frameworks both within the US and globally.

The new CyberStrong features include automated mappings between the Financial Services Sector Cybersecurity Profile and the NIST Cybersecurity Framework, the Federal Financial Institutions Examination Council (FFIEC), and others. These updates are supported by CyberSaint’s existing patented technology, which is used to optimise programme performance and eliminate manual intervention for assessments, remediation, and reporting.

The Financial Services Sector Coordinating Council (FSSCC) Financial Services Sector Cybersecurity Profile was created by the Bank Policy Institute (BPI), leading organisations, and institutions to fulfil the need for a more efficient, tailored, and easily communicated framework to leverage across the financial services sector.

The profile is designed for all financial services organisations, from banking, asset management, broker-dealers, and insurance to market utilities. CyberSaint’s update was shaped in part by feedback from the BPI and some of the world’s largest financial services, payment, and banking organisations.

CyberSaint’s CyberStrong platform supports various risk and compliance programme use cases, allowing customers to build cybersecurity resilience from assessment to boardroom. The platform scales to support extensive cyber risk transformation projects undertaken by Fortune 100 customers while also meeting the needs of regional banks’ and credit unions’ continuous assessment, risk, compliance, and audit programmes.

“CyberSaint’s vision is a key reason why partnering with the team is so exciting for us,” stated Kerri Keller, consulting risk leader and senior manager at EY.

“For our joint customers, the CyberStrong platform’s automation, alignment with industry standards, and ease of deployment have been paramount to their success. Our enterprise CISO partners want to create narratives around their strategic plans for compliance and risk management initiatives, proposed solutions, return on security investment, and most importantly business enablement.”

CyberSaint’s new update enables customers to measure, track, and report on financial services sector compliance standards, including the Financial Services Sector Cybersecurity Profile, FFIEC, New York Department of Financial Services regulation (23 NYCRR 500), PCI, and any other standard.

CyberStrong also provides advanced automation via integrations with the security tech stack paired with patented natural language processing (NLP) and additional machine learning (ML) applications to eliminate a large portion of the previously manual assessment and reporting process.

For organisations aligning with many frameworks and standards, CyberStrong allows for harmonisation between and across assessments, offering an “assess once, comply many” approach across standards such as NIST SP 800-53, NIST CSF, PCI, FFIEC, ISO, 23 NYCRR 500, CIS 20, and others.

Beyond compliance, security and risk leaders within financial services organisations can manage new and unprecedented risks within CyberStrong’s risk register by tracking changes, gaps, and trends as risks are mitigated, accepted, transferred, or avoided. Customers can readily standardise on risk quantification methodologies such as the FAIR model, NIST 800-30, and Return on Security Investment to drive clear communication and informed decision-making. Additionally, CyberStrong’s newly added solution-cost modelling functionality allows customers to compare annualised solution plans to determine the most effective risk mitigation strategies.

“The financial services sector has been at the forefront of risk management for years, and we are thrilled to introduce a specialised offering to support their integrated risk management strategies and cyber risk initiatives.

“We are excited to benefit from their experience and feedback as much as they benefit from CyberStrong,” said Padraic O’Reilly, chief product officer at CyberSaint.


Intelligent Insurer