TIBER-EU Framework

Solutions

TIBER-RO Framework

Requiring entities in the Romanian financial ecosystem to perform cyber resilience tests

The European Central Bank (ECB) and the other central banks in the European Union (EU) have drawn up the TIBER-EU (Threat Intelligence-based Ethical Red Teaming) Framework. On the 3rd of May 2022, the National Bank of Romania issued the Regulation no. 6/2022 regarding TIBER-RO, the framework for conducting cyber resilience tests, which was also published in the Official Gazette no. 432/03.05.2022.

What banks can do now

Boards and executives with responsibilities for cyber and IT in banks will need to plan this type of exercises in order to improve the cyber-resistance. Therefore, it is crucial for them to discuss their emerging concerns and better understand how their bank’s cyber risk management practices can strike an equilibrium between commercial priorities and a supervisory view of good practice.

Important documents
Templates and guidelines for all the different phases of a test
  • TIBER-EU White Team Guidance
    The TIBER-EU White Team Guidance describes details on the roles and responsibilities of a White Team for a TIBER test, which manages the test from the inside of the tested entity.
  • TIBER-EU Scoping Specification Template
    The TIBER-EU Scoping Specification Template can be used during any TIBER-DE test by the tested entity to present the detailed scope of its respective test.
  • TIBER-EU Guidance for Target Threat Intelligence (TTI) Report
    The TIBER-EU Guidance for Target Threat Intelligence Report aims to provide the Threat Intelligence Provider with a standardized approach to develop the TTI Report for the tested entity.
  • TIBER-EU Guidance for the Red Team Test Plan
    The TIBER-EU Guidance for the Red Team Test Plan aims to provide the Red Team Provider with a standardized approach and structure for producing the Red Team Test Plan, focusing on how to: organize the testing phase; plan the organization and management of the test; and develop the attack scenarios, which build on the threat scenarios from the TTI Report.
  • TIBER-EU Guidance for the Red Team Test Report
    The TIBER-EU Guidance for the Red Team Test Report aims to provide the Red Team Provider with a standardized approach and structure for producing the Red Team Test Report, focusing on: setting out the summary of the test with accompanying evidence; detailing the findings and root cause analyses; determining the key discussion points for the replay with all the relevant stakeholders; and finalizing the remediation plan.
  • TIBER-EU Guidance for the Test Summary Report
    The Guidance for the TIBER-EU Test Summary Report aims to provide entities undertaking a TIBER-DE test with a standardized approach and structure for producing the Test Summary Report.


TIBER-RO Framework

Download the flyer
For an in-depth exploration
of our cybersecurity expertise
Discover more

Andrei Ionescu

Andrei Ionescu

Partner-in-Charge Risk Advisory

Partner leading the Consulting and Risk Advisory service lines in the Romania & Moldova practice. Andrei has more than 20 years of experience in risk management, cyber risk, internal audit, fraud mana... More

Dragos Ionica

Dragos Ionica

Senior Manager

With more than 12 years of experience in the cybersecurity field, he works as a penetration tester and bug bounty hunter, with significant expertise in web application and infrastructure security test... More