In the US, the Risk Management Association is making a new tool available to member institutions to help them confront the ever-growing challenge of cybersecurity.
RMA’s Operational Risk Council has created “Cyber Risk Metrics” that will guide institutions in assessing and managing cyber risk across various enterprise-wide dimensions.
RMA’s new cyber risk tool provides a framework to assess vulnerabilities; incidents; events and breaches; patch and account management; third parties; cyber risk awareness training; and audit findings and risk ratings. For example, metrics in the area of patch and account management include the average number of open patches per device and the percentage of high-severity vulnerabilities patched within 30 days.
The metrics call attention to both key risk indicators and key performance indicators.
RMA’s Definitive Cyber Risk Metrics are available at no charge to RMA members. An article on the metrics is included in the current issue of The RMA Journal.
“On behalf of RMA, I would like to thank the Operational Risk Council for their work in developing RMA’s Definitive Cyber Risk Metrics,” said Edward J. DeMarco Jr., RMA’s Chief Administrative Officer, General Counsel, and Director of Operational Risk.
“The metrics are an indispensable tool for financial institutions as they fight off constant threats to themselves, their customers, and the entire financial system.”
The post #Privacy: RMA develops cyber metrics tool for financial institutions appeared first on PrivSec Report.