2024-11-18

Management of IT, Information Security, and Cyber Protection Risks

The Supervisor of Banks issued this directive to require banking corporations to integrate IT, information security, and cyber protection risks into their overall corporate governance and operational risk management frameworks. The regulation mandates the establishment of robust risk management processes, including specific roles for the CTO and CISO, to ensure the confidentiality, integrity, and availability of information assets against evolving cyber threats. It further outlines comprehensive requirements for incident management, third-party risk oversight, and business continuity planning to maintain operational resilience and protect stakeholders.

Israel

Bank of Israel
