ORX CISR programme:
Improving cyber and information security risk management
We're currently working on a programme to support firms with their day-to-day cyber and information security risk (CISR) management. This is an element of our material risks in focus work, which takes a single risk type and looks in detail at how we can support institutions to manage it.
The cyber challenge
Cyber and information security risks are among the most concerning facing the industry today. Boards, regulators and senior management want to know that these risks are being effectively managed.
The challenge operational risk professionals face is how to manage cyber and information security risks with limited data and information. How can you understand your experiences and exposure and compare them with your peers? How do you know if you are taking the right risk management actions?
This is where ORX can help. We are supporting firms to:
- Understand their risk exposure for cyber and information risk
- Improve how they respond to and actively manage the risk
A global community of experts
To help us work out how we can best support operational risk functions, we've created a working group of cyber and information security experts drawn from a variety of our member firms. We have over 50 financial organisations involved in the initiative so far.
If you want to know more about this programme, then you can take a look at the results and outputs on this page, or get in touch with us to find out more.
CISR programme outputs
A library of controls and indicators
As part of this programme, we've created a library of controls and indicators used for cyber risk management. This library allows firms to compare themselves against other organisations and see where they could enhance their practices.