The pressures on financial cybersecurity programs to maintain pace with both threats and regulatory changes is perhaps second to none (well, maybe the healthcare industry). Recognizing this, the Cyber Risk Institute (CRI) has recently unveiled Version 2.0 of its Cybersecurity Profile (CRI Profile), marking a significant step forward in the standardization and strengthening of cybersecurity measures across the financial sector.
The Evolution to Version 2.0
Originally developed as a comprehensive framework tailored to the financial industry, the CRI Profile harmonizes a myriad of regulatory requirements into a single, streamlined set of guidelines. Its latest iteration, Version 2.0, builds on this foundation with extensive updates that reflect the latest cybersecurity trends and regulatory insights. The CRI, a not-for-profit coalition of financial institutions and trade associations, has engineered these changes to foster a more resilient financial infrastructure globally.
What’s New in Version 2.0?
The CRI Profile Version 2.0 introduces several key enhancements aimed at increasing its usability and effectiveness for financial institutions navigating the complex landscape of cybersecurity threats and regulatory pressures.
Enhanced Clarity and Usability
The new version has refined its control objectives and diagnostic statements, making them clearer and more actionable. This change helps institutions of all sizes more effectively implement the necessary cybersecurity measures and ensures that the guidelines are accessible to a broader range of professionals within the industry.
Expanded Coverage of Emerging Threats
Recognizing the dynamic nature of cyber threats, Version 2.0 includes updated guidelines that address recent security challenges, such as ransomware and supply chain attacks. These updates are critical as financial institutions increasingly rely on digital technologies that expose them to new vulnerabilities.
Streamlined Compliance
One of the standout features of the CRI Profile has always been its ability to simplify compliance by integrating various regulatory expectations into a single framework. Version 2.0 takes this further by enhancing the alignment with global standards such as ISO and NIST, thus reducing the compliance burden on institutions and allowing them to focus more on fortifying their defenses.
Focus on Cloud Security
With the financial sector’s growing dependence on cloud technologies, the new Profile version places a significant emphasis on cloud security. It provides detailed guidance on managing relationships with cloud service providers (CSPs) and ensuring that security measures are robust throughout the lifecycle of cloud services.
Benefits of Adopting CRI Profile Version 2.0
The adoption of the CRI Profile Version 2.0 offers numerous benefits for financial institutions:
- Reduced Regulatory Complexity: By consolidating and clarifying regulatory expectations, the Profile simplifies the compliance landscape, making it easier for institutions to meet their obligations without excessive administrative burden.
- Enhanced Cyber Resilience: The Profile’s comprehensive approach to cybersecurity, encompassing current threats and best practices, helps institutions strengthen their defenses against a broad spectrum of cyber risks.
- Streamlined Communication: The common framework and language provided by the Profile facilitate clearer communication about cybersecurity expectations and practices between financial institutions and their regulators, partners, and service providers.
- Cost Efficiency: By reducing redundancy in compliance efforts and focusing on effective risk management practices, institutions can optimize their cybersecurity investments and achieve better outcomes with fewer resources.
Looking Forward
The CRI’s continuous efforts to update and refine the Cybersecurity Profile underscore its commitment to keeping the financial sector secure and compliant in an age of digital transformation. As cyber threats evolve and new technologies emerge, the Profile serves as a living document, adapting to meet the needs of the industry. For financial institutions, embracing the CRI Profile Version 2.0 represents not just compliance, but a strategic advantage in the ongoing effort to protect their operations and customer data from cyber threats. As we look to the future, the role of standardized frameworks like the CRI Profile in promoting cybersecurity resilience cannot be overstated.
With its latest update, the CRI Profile continues to set the standard for cybersecurity in the financial sector. Version 2.0 of the Profile is a testament to the industry’s collective commitment to advancing cybersecurity standards and practices. For institutions ready to take their cybersecurity to the next level, the CRI Profile Version 2.0 offers a robust, tested, and comprehensive toolkit for achieving cyber resilience and regulatory compliance.
| Cloud Native | Faux Cloud | |
| Infrastructure | Provided, paid, and managed by the vendor; mostly invisible to anyone utilizing the service | Provided, paid, and managed by you through your own AWS or Azure account |
| Implementation | Quick time to value; much of the work is invisible to you | Depends on the complexity of the app, but it is your responsibility to do the work or pay someone else to do it |
| Pricing | Subscription with lower up-front cost | Perpetual license with expensive up-front cost that are amortized over time.
(Note: many vendors are moving away from perpetual licensing for on-prem or faux cloud products, but as they do, their customers are getting the worst of both worlds – paying more annually while still being responsible for on-going maintenance of the product) |
| Total Cost of Ownership | The price of the product reflects the genuine cost of ownership | The price of the product is only one (and sometimes only a small) part of the total cost that is reflected in the staff time and public cloud expenses; in many instances, you may not even know what it is going to cost you until it is too late |
| Vendor Lock-In | Easy to switch to another vendor should your business needs change | Expensive license, deployment and maintenance costs make switching prohibitive, often for years |
| Access | Access anywhere via browser with internet connection | On-premises model often requires access via VPN
(Note: what happens when there is a problem with your solution and your VPN is configured to use your on-premises system? Sounds like someone is driving into the office!) |
| Scalability | Automatically scales with usage | Customer must increase capacity to keep up with usage |
| Updates | Vendor regularly updates the underlying components such as servers, databases, etc. This process will often be invisible to you. | You are responsible for ensuring that the entire tech stack – components, databases, servers, network – is updated with the latest patches |
| Upgrades | You seamlessly and transparently reap the benefit of new features, enhancements, and other improvements with zero effort | Any upgrade requires you to install, test, and then deploy the upgrade in production, often during nights and weekends in case something goes wrong |
| Accountability | The vendor takes ownership of the uptime and security, performance, and availability of the service | Apart from the infrastructure as a service, you are on the hook for the performance, health, security, and availability of the solution, lock stock and barrel |
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。
Language: English
