The UK finance industry has launched a cyber security framework for sharing detailed threat intelligence, testing cyber security and benchmarking financial service providers.
The CBEST framework was developed by the Council of Registered Ethical Security
The UK finance industry has launched a cyber security framework for sharing detailed threat intelligence, testing cyber security and benchmarking financial service providers.
Testers (Crest) in collaboration with the Bank of England, Her Majesty’s Treasury and the Financial Conduct Authority (FCA).
The framework is the first of its kind to be led by any of the world’s central banks and comes less than a week after the government officially launched its Cyber Essentials Scheme, also supported by Crest.
Crest provides internationally recognised certifications for organisations and individuals providing penetration testing, cyber incident response and security architecture services.
Launching the framework at the Bankers Association in London, Andrew Gracie, executive director of resolution at the Bank of England, emphasised the importance of CBEST to help UK financial services organisations protect against increasingly sophisticated cyber attacks on their core systems.
CBEST is designed to help the boards of financial firms, infrastructure providers and regulators to improve their understanding of the types of cyber attack that could undermine the UK’s financial stability.
Testing critical assets
The framework will also focus on the extent to which the UK financial sector is vulnerable to attacks and how effective their detection and recovery processes are.
CBEST puts in place measures that allow organisations to conduct controlled, targeted and intelligence-led tests on critical assets without harm.
“Although existing penetration testing services in the financial services sector have provided a good level of assurance against traditional attacks, they do not address more sophisticated cyber attacks on critical assets,” said Ian Glover, president of Crest.
“CBEST tests have been designed to replicate the behaviours of serious threat actors, assessed by government and commercial intelligence providers as posing a genuine threat to important financial institutions.”
Cyber threat intelligence
According to Glover, CBEST differs from other security testing currently undertaken by the financial services sector because it is threat intelligence-based, is less constrained and focuses on the more sophisticated and persistent attacks against critical systems and essential services.
The post Bank of England launches cyber security framework appeared first on Payments Cards & Mobile.
