ORX CISR programme:
Improving cyber and information security risk management
We're currently working on a programme to support firms with their day-to-day cyber and information security risk (CISR) management. This is an element of our material risks in focus work, which takes a single risk type and looks in detail at how we can support institutions to manage it.
The cyber challenge
Cyber and information security are some of the most concerning risks facing the industry today. Boards, regulators and senior management want to know that these risks are being effectively managed.
The challenge operational risk professionals face is how to manage cyber and information security risks without sufficient data and information. How can you understand your experiences and exposure and compare them with your peers? How do you know if you are taking the right risk management actions?
This is where ORX can help. We are supporting firms to:
- Understand their risk exposure for cyber and information risk
- Improve how they respond to and actively manage the risk
A global community of experts
To help us work out how we can best support operational risk functions, we've created a working group of cyber and information security experts from among a variety of our member firms.
This community has identified key activities for us to explore:
- Information sharing
- Events and interaction
ORX CISR programme resources
Join the ORX CISR programme
Your firm can take part in this programme, even if you're not currently a member of ORX. Being part of the cyber programme will give you insights into cyber and information security risk management that you can't get elsewhere, and give you access to a global network of experts and peers.
How are we doing it?
We are currently focusing on two primary areas of the overall project, which are running simultaneously:
- Information sharing
- Governance and management practice standards
Within each of these is a number of smaller workstreams concentrating on specific aspects of the cyber and information security challenge.
Bringing the industry together
As well as looking at information sharing and practice, we are also providing lots of opportunities for collaboration. We've been having regular working group meetings for those involved in the various workstreams, and we have a roundtable planned for November. The roundtable will give the participants to meet face-to-face for a full day of in-depth discussions.
The year so far in cyber risk...
(Stats from the ORX News service, 1 January 2019-16 September 2019)