G7 releases cyber security guidelines for financial sector

The Group of Seven (G7) released a set of cyber security guidelines for the financial sector on Tuesday, in an attempt to help protect the sector from cyber threats.

A three-page document detailing the guidelines – which officials described as non-binding principles – has been posted on the websites of each G7 government.

The guidelines consist of eight elements:

  1. Cyber security strategy and framework
  2. Governance
  3. Risk and control assessment
  4. Monitoring
  5. Response
  6. Recovery
  7. Information sharing
  8. Continuous learning

It’s no secret that the financial sector has been struggling to contain cyber threats. In February this year, $81 million was stolen from the Bangladeshi central bank’s account at the Federal Reserve Bank of New York.

The guidelines state: “Cyber risks are growing more dangerous and diverse, threatening to disrupt our interconnected global financial systems”.

Cyber security strategy and framework

The first element of the guidelines, “Cyber security Strategy and Framework”, says that organisations should “Establish and maintain a cyber security strategy and framework tailored to specific cyber risks and appropriately informed by international, national, and industry standards and guidelines.”

Alan Calder, the founder and executive chairman of IT Governance, said that this element highly recommends organisations look to ISO 27001:

“ISO 27001 is the internationally recognised standard for designing and implementing industry-appropriate risk and cyber security management systems. It is only logical that the financial sector should use ISO 27001 – or, even better, the entire ISO 27000 family – to battle the ever-present cyber threat.”

Get to grips with ISO 27001

The sensible suggestion to implement ISO 27001 isn’t just directed at financial institutions; it’s suitable for organisations of all shapes and sizes.

To give yourself a quick run-through of ISO 27001, and to learn how smart organisations are protecting their reputations and their critical information assets, I recommend downloading our free green paper: Cyber Security & ISO 27001.