Banking and Finance Sector-Specific Plan - U.S. Department of ...

More documents

Recommendations

Info

updates on the sector metrics in support of DHS status reports. The Treasury Department also will use the established publicprivate partnership to share the sector metrics directly with the members of the FBIIC and the FSSCC. 6.2 Implementation Actions As part of the overall NIPP, the Banking and Finance SSP provides the strategy for public and private sector partners to work together to identify, prioritize, and coordinate the protection of critical infrastructure. This SSP also summarizes the extensive activities that the sector has done and continues to do to reduce vulnerabilities and share information. As the SSA, the Treasury Department has the responsibility to coordinate the implementation actions for the Banking and Finance SSP. Given the dynamic nature of the sector, the Treasury will work closely with the FBIIC, the FSSCC, and its security partners to create dynamic implementation actions that allow the SSP to be flexible and adaptive. In the implementation matrix, each implementation action corresponds to the appropriate stage in the NIPP risk management framework. The matrix also describes the milestone for each action as well as the appropriate sector security partners who should be involved in the implementation process. Table 6-1: Implementation Actions Implementation Action Milestone Security Partners Set Security Goals Establish a sector GCC The FBIIC was established in October 2001. The Treasury Department, the Federal and State financial regulators, and related associations Establish a sector SCC The FSSCC was created in June 2002. The Treasury Department, the FBIIC, and private sector partners Establish a sector information- sharing system. Review and refine the sector’s security goals and value proposition. Identify Assets, Systems, Networks, and Functions Identify, evaluate, and update the current methodologies for validating assets, systems, and networks in the sector. The FS-ISAC was established in 1999. Presently, the Treasury Department and members of the FSSCC and FS-ISAC are working with DHS to coordinate the use of the HSIN. The Treasury Department, public and private sector partners, and DHS Annually within the SSP review process The Treasury Department, the FBIIC, and the FSSCC Annually The Treasury Department, the Federal and State financial regulators, and private sector partners Banking and Finance Sector-Specific Plan
Implementation Action Milestone Security Partners Identify, evaluate, and update the current methodologies for validating assets, systems, and networks at the institution level. Daily Federal and State financial regulators and members of the private sector Collect data on critical assets. Annually The Treasury Department, the FBIIC agencies, and private sector partners Verify and review asset information. Annually The Treasury Department, the FBIIC agencies, and private sector partners Update asset data. As needed basis The Treasury Department, the FBIIC agencies, and private sector partners Assess Risks Conduct risk assessments and mitigate vulnerabilities. Develop and review risk assessment methodologies for the sector. Establish and evaluate a screening process to identify and assess critical assets, systems, and networks. Assess consequences, vulnerabilities, and threats. Identify and address sector dependencies. Prioritize Identify and prioritize systemically important assets, processes, and networks. Measure Progress Daily per regulatory requirements Financial regulatory authorities and the private sector Annually The Treasury Department, the FBIIC agencies, and private sector partners Annually The Treasury Department, the FBIIC agencies, and private sector partners As-needed basis The Treasury Department, the FBIIC agencies, and private sector partners, DHS As-needed basis The Treasury Department, the FBIIC agencies, and private sector partners, DHS, and other critical sectors (Energy, Information Technology, Communications, Transportation) Annually The Treasury Department, the FBIIC agencies, and private sector partners
Page 1: Banking and Finance Critical Infras
Page 4 and 5: ii Banking and Finance Sector-Speci
Page 6 and 7: iv 2.2.5 Collecting Asset Data 25 2
Page 9 and 10: Executive Summary The Banking and F
Page 11 and 12: 3. Assess Risks Risk assessments ar
Page 13: Introduction According to Homeland
Page 16 and 17: and technological systems. These ex
Page 18 and 19: in various organized markets, from
Page 20 and 21: Figure 1-1: FBIIC Members FBIIC Mem
Page 22 and 23: • The NCUA regulates Federally ch
Page 24 and 25: • Identify voluntary efforts wher
Page 26 and 27: Continuity in the Financial Service
Page 28 and 29: The Banking and Finance Sector has
Page 30 and 31: system. All of the systemically cri
Page 32 and 33: linked to payments occurring in sys
Page 35 and 36: 3. Assess Risks Both the public and
Page 37 and 38: the FBIIC agencies identify financi
Page 39 and 40: 4. Prioritize Infrastructure In the
Page 41 and 42: 5. Develop and Implement Protective
Page 43 and 44: - The Treasury Department acquired
Page 45 and 46: work of the SSA and various public
Page 47: • In 2003, BITS and SIA drafted C
Page 50 and 51: 6.1.1 Developing Sector-Specific Me
Page 54 and 55: 6 Implementation Action Milestone S
Page 56 and 57: • Understanding and Avoiding of t
Page 59 and 60: 8. Manage and Coordinate SSA Respon
Page 61: information. This information-shari
Page 64 and 65: NFA National Futures Association NI
Page 66 and 67: Federal Deposit Insurance Corporati
Page 68 and 69: Office of Comptroller of the Curren
Page 70 and 71: Department of the Treasury U.S. Cod
Page 72 and 73: State Banking Law/Statute Maryland
Page 74 and 75: National Association of Insurance C
Page 76 and 77: Code & Regulations State URL §§ 5
Page 78 and 79: Code & Regulations State URL §§ 3
Page 80 and 81: State Statute Nebraska NE ST §§ 8
Page 82 and 83: Date Title URL 08-05 Information Te
Page 84 and 85: Date Title URL 08-01 Examination Pr
Page 86 and 87: Federal Financial Institution Exami
Page 88 and 89: Date Title URL 03-31 FFIEC Retail P
Page 90 and 91: Date Title URL 12-05 Interagency Gu
Page 92 and 93: National Credit Union Administratio
Page 94 and 95: Date Title URL 09-01 NCUA Letter to
Page 96 and 97: Date Title URL 05-04 Risk Managemen
Page 98 and 99: Summary of Regulatory Guidance on E
Page 100 and 101: Date Title URL 04-03 Interagency Gu
Page 103 and 104:
Appendix 3: FSSCC Research and Deve
Page 105 and 106:
1. Common operating picture archite
Page 107 and 108:
members are very active. One of the
Page 109 and 110:
K Financial information tracing is
Page 111:
SCC R&D Challenges vs. NIPP R&D The
show all

Banking and Finance Sector-Specific Plan - U.S. Department of ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?