From Tabletop to Turnkey: Building Cyber Resilience in Financial Services
Briefly

"Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement. Crisis management or tabletop exercises, for a long time relatively rare in the context of cybersecurity, have become required as a series of regulations has introduced this requirement to FSI organizations in several regions, including DORA (Digital Operational Resilience Act) in the EU; CPS230 / CORIE (Cyber Operational Resilience Intelligence-led Exercises) in Australia;"
"What makes complying with these regulatory requirements complex is the cross-functional collaboration between technical and non-technical teams. For example, simulation of the technical aspects of the cyber incident - in other words, red-teaming - is required, if not precisely at the same time, then certainly within the same resilience program, in the same context, and with many of the same inputs and outputs. This is strongest in the regulations based on the TIBER-EU framework, particularly CORIE and DORA."
"As requirements become more prescriptive, and best practices become more established, what used to be a tabletop exercise driven by a simple Excel file with a short series of events, timestamps, personas and comments, has grown into a series of scenarios, scripts, threat landscape analyses, threat actor profiles, TTPs and IOCs, folders of threat reports, hacking tools, injects and reports - all of which must be reviewed, prepared, rehearsed, played, analyzed, and reported, at least once per year, if not per quarter, if not continuously."
Financial institutions face prescriptive regulatory requirements making cyber-resilience mandatory. Crisis management and tabletop exercises are now required across multiple jurisdictions including the EU, Australia, Singapore, the UK, the US, and Saudi Arabia. Compliance demands cross-functional collaboration between technical and non-technical teams and integration of red-teaming within resilience programs. Exercise scope has expanded from simple Excel-driven event lists to detailed scenarios, scripts, threat landscape analyses, threat actor profiles, TTPs, IOCs, toolsets, injects, and reports. All artifacts must be prepared, rehearsed, played, analyzed, and reported regularly—often annually, quarterly, or continuously—exceeding the capabilities of ad hoc spreadsheet approaches.
Read at The Hacker News