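The Global Association of Risk Professionals (GARP) is committed to providing risk education and the latest industry information to people at every level of the risk management function, including risk practitioners at major financial institutions and staff at regulatory bodies. The GARP China WeChat official account will continue to republish articles from the "GARP Risk Intelligence" series, covering how technology, corporate culture and governance, energy and other fields affect operational risk, credit risk, market risk, and asset-liability management. Let us work together to understand risk comprehensively, guard against it, and resolve it.
Building on its enterprise Cyber Risk Score, the credit analytics company FICO has produced a national composite indicator, the ABC (Assessment of Business Cybersecurity), and published it on the U.S. Chamber of Commerce website. The Chamber is also supporting two bills intended to "improve the U.S. government's ability to address cyber issues in a coordinated and effective way." One of the proposals would enable the U.S. State Department to consolidate cyber and digital economy issues in one office, whose director would hold the rank of ambassador, allowing high-level diplomatic engagement with partners around the world.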
The scores measure the probability of a breach over the next 12 months, and the range of 619 to 764 is said to represent “a significant difference in relative risk across the evaluated sectors.” With every 84-point increment, the likelihood of a material breach doubles, so “the range of sector assessment values represents an almost 200% differential in risk across the represented sectors,” the research says.
Finance and banking, widely regarded as one of the most effective sectors in terms of cyber defense and resources committed to it, scored 642, between media-telecom-technology's 619 and materials and manufacturing's 672. In other words, financial services is one of the higher-risk sectors.
“It is a risk score, not a performance score,” explains Julie May, a vice president in FICO's cyber solutions group.
FICO vice president for cybersecurity solutions Doug Clare said, “The FICO Cyber Risk Score is not a report card — just like the FICO Score, it's an empirical, objective forecast of performance. Individual businesses can use the FICO Cyber Risk Score to compare their own cyber risk against these benchmarks.”
Figure 1: Among the Assessment of Business Cybersecurity sector scores contributing to the overall 687: Construction 764, Energy & Utilities 707, Health Care 679, Agriculture & Food 671, Finance & Banking 642, Media, Telecom & Technology 619.
In general, bigger size and organizational complexity correlate with greater cyber risk, but in financial services and health care (overall score 679), “the correlation of size and risk is less pronounced than in other sectors,” the report says. Finance and health care have in common that they are regulated industries, “custodians of especially valuable personally identifiable information” and subject to specific data-protection compliance regimes, notably HIPAA and PCI.
The relative consistency within these industries “appears to be attributable to more consistent external risk (more consistent targeting of these companies by threat actors) and better security controls being applied by security teams regardless of the scale of organizational assets.”
“This is the first time the cybersecurity strength of the nation's businesses has been measured in this detail,” FICO's Clare said. “Our analytics measure and monitor billions of cyber risk indicators, and we use machine learning to produce a forward-looking metric for measuring cyber risk. The ABC is a benchmark based on this empirical calculation.”
Over time, the ABC will be an indicator of how security is improving or deteriorating at the national and sector levels.
Meanwhile, businesses can obtain free FICO Cyber Risk Scores as a security-effectiveness assessment and “understand how business partners view their cybersecurity hygiene,” Clare said. “In addition to self-assessment, businesses can use the full version of the FICO Cyber Risk Score offering to monitor the security risk of third-party and fourth-party partners and vendors. It's a 360-degree view of your cybersecurity risk exposure.”
“With the ABC, businesses now have a comparative benchmark for understanding their collective cybersecurity risk,” said Christopher Roberti, senior vice president for cyber intelligence and security policy, U.S. Chamber of Commerce. “Businesses are on the front line of cybersecurity threats. Their risk impacts our economy's health and our national security. That's why we are pleased to partner with FICO to ensure businesses know their level of security. Organizations can obtain their Cyber Risk Score and use the ABC to measure their risk, know the risk of their sector, and take steps to improve their risk posture.”
The U.S. Chamber has an ongoing Cybersecurity Campaign – FICO is presenting sponsor as well as a supporter of the chamber's Principles for Fair and Accurate Security Ratings. The Chamber is supporting two bills “that would improve the government's ability to address cyber concerns in a coordinated and effective way,” president and CEO Thomas Donohue said on October 15.
“The Cybersecurity and Infrastructure Security Agency Act would restructure the Department of Homeland Security's cyber directorate to facilitate engagement with the business community before, during, and after cyber incidents,” Donohue said. “We expect the bill to be ready for the president's signature this fall.
“The Cyber Diplomacy Act would consolidate cyber and digital economy issues in one office within the State Department and confer the rank of ambassador to the office's director, which would allow high-level diplomatic engagement with foreign partners around the world,” the Chamber CEO continued. “It has passed the House and is awaiting action in the Senate.”