Story image

Bangko Sentral Ng Pilipinas reveals renewed focus on cybersecurity

07 Nov 17

The Bangko Sentral Ng Pilipinas (BSP) has renewed its guidelines on information security management with a renewed focus on cybersecurity.

Its Monetary Board recently approved pioneering guidelines with the new focus in order to address growing concerns about cyber threats that affect both domestic and global financial communities.

The amendments are part of the company’s Strategic Roadmap on cybersecurity.

The BSP says many security research reports show that global cybercrime losses will increase ‘exponentially’ and the financial services industry will continue to be a prime target.

It warns that without proper management, Bangko Sentral supervised financial institutions (BSFIs) may result in “legal, reputational and systemic risks”.

The amendments to BSP guidelines include a stronger role for BSFI’s Board and senior management. They will be responsible for spearheading sound information security governance and strong security culture within their respective networks.

BSFIs will also mandated to manage information security risks and exposure ‘within acceptable levels’ through people, policies, processes and technologies. They will be required to follow the continuous cycle of ‘identify, prevent, detect, respond, recover and test’.

They are also encouraged to include cyber resilience elements such as participation in information sharing and collaboration, enhance situational awareness capabilities and adopt advanced cybersecurity controls and countermeasures.

The BSP suggests that 24/7 security operations centers (SOCs), which are equipped with advanced technologies and controlled by analysts who can monitor emerging and sophisticated cyber attacks.

“The new guidelines recognize that BSFIs are at varying levels of cyber-maturity and cyber-risk exposures which may render certain requirements restrictive and costly vis-à-vis expected benefits,” BSP states.

“Thus, the IT profile classification has been expanded from two (2) to three (3), namely: “Complex”, “Moderate” and “Simple” to provide greater flexibility in complying with the requirements.  BSFIs with complex IT profile classification would warrant adoption of advanced cybersecurity tools and processes such as the setting up of an SOC.”

BSP acknowledges that its Strategic Roadmap on cybersecurity must balance the promotion of innovation and cyber risk management..

“The new guidelines, one of the first in Southeast Asia, cover a holistic framework on information security risk management (ISRM) as an integral part of the BSFIs’ information security program, enterprise risk management system and governance mechanisms.  The new Circular incorporates, to the extent possible, key principles and concepts from leading standards, technology frameworks and global best practices on information security,” BSP concludes.

BFSIs have one year to comply with the provisions. Action plans and timelines will be made available on request from December 2017.

Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
Tensions on the rise after Huawei CFO arrest
“Recently our corporate CFO, Meng Wanzhou, was provisionally detained by the Canadian authorities on behalf of the United States of America."