The increased reliance on technology and growing threats to information and financial systems introduce additional risks to an organisation. The CIMA Guidance focuses on a risk-based cybersecurity framework. Regulated entities need to assess their specific risk profile (size, nature and complexity of their business) and design a framework that addresses the risks in a robust fashion.
Regulated entities are also required to carry out regular (i.e., at least annual) self-assessments of their cybersecurity framework.
Note: The Rule and Statement of Guidance – Cybersecurity for Regulated Entities will come into effect on November 27th, 2020.