TRENDING:

Governance & Risk Management , Incident & Breach Response , Managed Detection & Response (MDR)

BITS President: Cyber Guidance Confuses CISOs

Chris Feeney on Why Regulators, Agencies Need to Avoid Conflicting Advice Tracy Kitten (FraudBlogger) • December 23, 2015     10 Minutes   
BITS President: Cyber Guidance Confuses CISOs
Chris Feeney, president, BITS, the technology and policy division of the Financial Services Roundtable

Conflicting cybersecurity guidance from banking regulators and a federal agency is making it more difficult for CISOs to set priorities, says Chris Feeney, president of BITS, the technology and policy division of the Financial Services Roundtable.

Regulators and agencies need to improve collaboration so they can send a consistent message about the best cybersecurity practices and the expectations CISOs should meet, he says in an interview with Information Security Media Group.

"We certainly believe in working with the regulators, and we think what they are trying to do is really protect the safety and soundness of the industry," Feeney says. "They're trying to provide the industry, specifically the firms that they regulate, with a set of tools to do that."

Nevertheless, Feeney says BITS is concerned that the Federal Financial Institutions Examination Council's Cyber Assessment Tool, which was released in July, contains some recommendations that conflict with the National Institute of Standards and Technology's cybersecurity framework, which was released in February 2014.

This is a concern, Feeney says, because BITS considers the NIST framework the benchmark of cybersecurity standards for banking institutions (see How Will NIST Framework Affect Banks?).

Building on a Chassis

"The NIST framework is the chassis to build on, primarily because of the collaboration that led to its creation, and then, obviously, the multiple years of education and embedding in a set of processes," he says. "However the CAT [FFIEC Cyber Assessment Tool] has elements that are relevant and important and are useful for the industry. So what we would really like to see is these groups come together in a very collaborative way and develop a set of tools or frameworks, almost merged in a way, that allows them to take the best of both and come out with a very comprehensive and very operationally achievable framework. ... We'd love to get behind that kind of effort."

During this interview (see audio link below photo), Feeney also discusses:

  • Why CISOs need to educate their boards of directors about cybersecurity and regulatory issues;
  • How cyberthreat intelligence sharing and data breach notification could become more regulated; and
  • Why adoption of the top-level Domain, .bank, will make waves in 2016.

Earlier this year, Feeney replaced Paul Smocer as president of BITS, which addresses emerging technology and operational opportunities for the financial services industry. BITS is the technology and policy division of the Financial Services Roundtable, an advocacy organization for the U.S. financial services industry. Feeney works with the nation's largest financial institutions and policymakers to promote cybersecurity and fraud prevention. He has more than 30 years of experience in executive management, technology, business/sales management and operating roles at software companies, broker/dealers and investment management firms.

Previous
The Evolution of User Behavior Analytics
Next
The Practical Application of User Behavior Analytics



Around the Network

How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.