Cybersecurity Statement of Guidance for Regulated Entities

Weekly insights from CIMA’s Cybersecurity Guidance

Insight #2 | Section 5: General Guidance

The increased reliance on technology and the growing threats to information and financial systems introduce additional risks to an organisation. The CIMA Guidance is built around a risk-based cybersecurity framework. Regulated entities need to assess their specific risk profile (the size, nature and complexity of their business) and design a framework that addresses those risks in a robust fashion.

In developing their cybersecurity risk management framework, regulated entities may draw on the international standards and frameworks developed by reputable bodies, such as:

  1. The National Institute of Standards and Technology (NIST);
  2. The International Organisation for Standardisation (ISO);
  3. The Information Technology Infrastructure Library (ITIL); and
  4. Control Objectives for Information and Related Technologies (COBIT).

Regulated entities are also required to carry out regular (i.e., at least annual) self-assessments of their cybersecurity framework.

Note: The Rule and Statement of Guidance – Cybersecurity for Regulated Entities will come into effect on November 27th, 2020.

Next week, we discuss:
The key requirements of an Information Systems and Cybersecurity Framework.
