TIBER-EU Framework

Solutions

TIBER-RO Framework

Requiring entities in the Romanian financial ecosystem to perform cyber resilience tests

The European Central Bank (ECB) and the other central banks in the European Union (EU) have drawn up the TIBER-EU (Threat Intelligence-based Ethical Red Teaming) Framework. On the 3rd of May 2022, the National Bank of Romania issued the Regulation no. 6/2022 regarding TIBER-RO, the framework for conducting cyber resilience tests, which was also published in the Official Gazette no. 432/03.05.2022.

What banks can do now

Boards and executives with responsibilities for cyber and IT in banks will need to plan this type of exercises in order to improve the cyber-resistance. Therefore, it is crucial for them to discuss their emerging concerns and better understand how their bank’s cyber risk management practices can strike an equilibrium between commercial priorities and a supervisory view of good practice.

Important documents
Templates and guidelines for all the different phases of a test
  • TIBER-EU White Team Guidance
    The TIBER-EU White Team Guidance describes details on the roles and responsibilities of a White Team for a TIBER test, which manages the test from the inside of the tested entity.
  • TIBER-EU Scoping Specification Template
    The TIBER-EU Scoping Specification Template can be used during any TIBER-DE test by the tested entity to present the detailed scope of its respective test.
  • TIBER-EU Guidance for Target Threat Intelligence (TTI) Report
    The TIBER-EU Guidance for Target Threat Intelligence Report aims to provide the Threat Intelligence Provider with a standardized approach to develop the TTI Report for the tested entity.
  • TIBER-EU Guidance for the Red Team Test Plan
    The TIBER-EU Guidance for the Red Team Test Plan aims to provide the Red Team Provider with a standardized approach and structure for producing the Red Team Test Plan, focusing on how to: organize the testing phase; plan the organization and management of the test; and develop the attack scenarios, which build on the threat scenarios from the TTI Report.
  • TIBER-EU Guidance for the Red Team Test Report
    The TIBER-EU Guidance for the Red Team Test Report aims to provide the Red Team Provider with a standardized approach and structure for producing the Red Team Test Report, focusing on: setting out the summary of the test with accompanying evidence; detailing the findings and root cause analyses; determining the key discussion points for the replay with all the relevant stakeholders; and finalizing the remediation plan.
  • TIBER-EU Guidance for the Test Summary Report
    The Guidance for the TIBER-EU Test Summary Report aims to provide entities undertaking a TIBER-DE test with a standardized approach and structure for producing the Test Summary Report.


TIBER-RO Framework

Download the flyer

Contact

Andrei Ionescu

Andrei Ionescu

Partner-in-Charge Risk Advisory

Partner leading the Management Consulting and Risk Advisory services in the Romania & Moldova practice. Andrei has more than 20 years of experience in risk management, cyber risk, internal audit, frau... More

Adrian Ifrim

Adrian Ifrim

Senior Manager

With more than eleven years of experience in the financial, telecom and IT security sector, Adrian is currently serving as Senior Manager for the Deloitte Romania Cyber Risk Services team. After obtai... More

Sergiu Zaharia

Sergiu Zaharia

Director

Sergiu is Cyber Strategy Advisory Director with more than 20 years of experience in Defense, Telco, Financial, Retail, Manufacturing and other sectors as security advisor, trainer and CISO/BCM Manager... More

Mihai Olteanu

Mihai Olteanu

Director

Mihai is Director in the Cyber department of Deloitte Risk & Advisory with 17 years of experience in IT Infrastructure and IT Security areas. He has led and participated in IT Security Solutions imple... More