Banking and Finance Sector-Specific Plan - U.S. Department of ...

More documents

Recommendations

Info

Figure 3-2: Dependent Relationships Any vulnerability assessment of the financial services sector cannot be truly final because the sector is evolving constantly. Thus, the FBIIC members continue to update assessments regularly to identify vulnerabilities and manage and assess asset risks, especially as the sector adopts new technology. Furthermore, the Treasury Department will work with DHS to coordinate how to normalize the results of the Banking and Finance Sector’s vulnerability assessments so that they may be comparable to the overall NIPP. 3.5 Assessing Threats There have been individuals and groups that have attempted to exploit the sector for their own pecuniary gains. Over time, the sector has developed defenses to thwart these attacks. However, criminals and terrorists continue to devise new methods and schemes. Therefore, the Treasury works with other Federal agencies, including the DHS Homeland Infrastructure Threat and Risk Analysis Center, on a daily basis to assess physical and cyber threats that are identified as specifically directed at the sector or at an asset on a national, regional, or local level. Relationships with DHS and other SSAs provide real-time information regarding these threats. Additionally, when threats are identified, frequent communications between the FBIIC and the FSSCC facilitate the efficient and effective transfer of potential threat information, permitting the sector to mitigate vulnerabilities. 0 Banking and Finance Sector-Specific Plan
4. Prioritize Infrastructure In the wake of the attacks of September 11, 2001, the Treasury, in conjunction with the members of the FBIIC and the private sector, undertook a renewed effort to identify and prioritize the key infrastructures. This effort is part of the overall risk assessment and management process taking place in the public and private sectors on an ongoing basis. The risk assessment methodology discussed in section 3 is part of the sector’s overall risk management approach, which includes prioritization efforts. The prioritization within this approach assists the sector in determining the focus for protective programs. In the private sector, this effort is an internal process to analyze and prioritize the processes and networks that the individual institutions need to meet their business continuity management and planning efforts. In the public sector, the Treasury Department, through outreach to the members of the FBIIC, conducts an annual risk assessment review of the sector. This effort provides a sector-wide prioritization focused on business continuity and resilience for essential processes in the Banking and Finance Sector. The prioritization is informed by the extensive knowledge of the members of the FBIIC and, where appropriate, in consultation with certain private sector owners and operators. As the sector is changing constantly, so, too, are the Treasury and the FBIIC’s processes for identifying and prioritizing the systemically important assets, processes, and networks. The Treasury Department and the FBIIC continually meet with financial institutions and regulators to determine any new assets that are critical to the operations of the sector. Results from these consultations are used to update the annual prioritization where appropriate. The Treasury Department uses the prioritization to inform sector participants where appropriate and to facilitate discussions, if necessary, to employ protective measures with the owners and operators. In specific instances, the Treasury Department reaches out to these members of the sector to encourage participation in business continuity exercises and programs. From a sector-wide perspective, these prioritization efforts inform the FBIIC’s perspective on overall sector risk and, in turn, influence the Treasury Department’s ongoing development of new outreach programs. Furthermore the Treasury Department works with its security partners, including DHS, to collaborate on threat analysis and information dissemination in accordance with this prioritization in the Banking and Finance Sector. This process enables the coordination necessary to conform with the NIPP baseline criteria and helps to facilitate DHS’s efforts to assess national comparable risk. The basis for prioritization of critical infrastructure within the Banking and Finance Sector stems from the degree of sector reliance on the identified assets, processes, and networks. Analysis for this prioritization relies upon the potential impact to the sector’s continued efficient and orderly operation, should the infrastructure experience significant interruption or loss. Essential to this prioritization process is the importance of these infrastructures and the overall financial services system to maintaining the public’s confidence in our national economic system and political institutions. The effort uses a variety of factors, including: Prioritize Infrastructure
Page 1: Banking and Finance Critical Infras
Page 4 and 5: ii Banking and Finance Sector-Speci
Page 6 and 7: iv 2.2.5 Collecting Asset Data 25 2
Page 9 and 10: Executive Summary The Banking and F
Page 11 and 12: 3. Assess Risks Risk assessments ar
Page 13: Introduction According to Homeland
Page 16 and 17: and technological systems. These ex
Page 18 and 19: in various organized markets, from
Page 20 and 21: Figure 1-1: FBIIC Members FBIIC Mem
Page 22 and 23: • The NCUA regulates Federally ch
Page 24 and 25: • Identify voluntary efforts wher
Page 26 and 27: Continuity in the Financial Service
Page 28 and 29: The Banking and Finance Sector has
Page 30 and 31: system. All of the systemically cri
Page 32 and 33: linked to payments occurring in sys
Page 35 and 36: 3. Assess Risks Both the public and
Page 37: the FBIIC agencies identify financi
Page 41 and 42: 5. Develop and Implement Protective
Page 43 and 44: - The Treasury Department acquired
Page 45 and 46: work of the SSA and various public
Page 47: • In 2003, BITS and SIA drafted C
Page 50 and 51: 6.1.1 Developing Sector-Specific Me
Page 52 and 53: updates on the sector metrics in su
Page 54 and 55: 6 Implementation Action Milestone S
Page 56 and 57: • Understanding and Avoiding of t
Page 59 and 60: 8. Manage and Coordinate SSA Respon
Page 61: information. This information-shari
Page 64 and 65: NFA National Futures Association NI
Page 66 and 67: Federal Deposit Insurance Corporati
Page 68 and 69: Office of Comptroller of the Curren
Page 70 and 71: Department of the Treasury U.S. Cod
Page 72 and 73: State Banking Law/Statute Maryland
Page 74 and 75: National Association of Insurance C
Page 76 and 77: Code & Regulations State URL §§ 5
Page 78 and 79: Code & Regulations State URL §§ 3
Page 80 and 81: State Statute Nebraska NE ST §§ 8
Page 82 and 83: Date Title URL 08-05 Information Te
Page 84 and 85: Date Title URL 08-01 Examination Pr
Page 86 and 87: Federal Financial Institution Exami
Page 88 and 89:
Date Title URL 03-31 FFIEC Retail P
Page 90 and 91:
Date Title URL 12-05 Interagency Gu
Page 92 and 93:
National Credit Union Administratio
Page 94 and 95:
Date Title URL 09-01 NCUA Letter to
Page 96 and 97:
Date Title URL 05-04 Risk Managemen
Page 98 and 99:
Summary of Regulatory Guidance on E
Page 100 and 101:
Date Title URL 04-03 Interagency Gu
Page 103 and 104:
Appendix 3: FSSCC Research and Deve
Page 105 and 106:
1. Common operating picture archite
Page 107 and 108:
members are very active. One of the
Page 109 and 110:
K Financial information tracing is
Page 111:
SCC R&D Challenges vs. NIPP R&D The
show all

Banking and Finance Sector-Specific Plan - U.S. Department of ...

Create successful ePaper yourself

Delete template?

Save as template?