Technology and cyber risk Management Flashcards
What is the role of senior management with respect to technology and cyber risk?
Senior Management should assign responsibility for managing technology and cyber risks to senior officers. It should also ensure an appropriate organizational structure and adequate resourcing are in place for managing technology and cyber risks across the FRFI.
What are concrete examples of actions to increase cyber security?
- Use strong cryptographic technologies
- Control access to data and files
- Use multiple layers of protection
- Monitor account activity
Why should FRFIs maintain an updated inventory of all technology assets supporting business processes or functions?
FRFI’s asset management processes should address classification of assets to facilitate risk identification and assessment, record configurations to ensure asset integrity, provide for the safe disposal of assets at the end of their life cycle, and monitor and manage technology currency.
What is a System Development Life Cycle (SDLC) framework and why should FRFI’s develop one?
The SDLC framework should outline processes and controls in each phase of the SDLC life cycle to achieve security and functionality, while ensuring systems and software perform as expected to support business objectives. FRFI’s develop an SDLC for the secure development, acquisition and maintenance of technology systems that perform as expected in support of business objectives.
What are 3 outcomes of good technology and cyber risk management?
- Technology and cyber risks are governed through clear accountabilities and structures, and comprehensive strategies and frameworks.
- A technology environment that is stable, scalable and resilient. The environment is kept current and supported by robust and sustainable technology operating and recovery processes.
- A secure technology posture that maintains the confidentiality, integrity and availability of the FRFI’s technology assets
