On Dec. 11, MAC MA issued guidelines on cyber risk management.
MAC MA issued Guideline on technology and cyber risk management; offers principles and best practices for managing technology and cyber risks in financial institutions.
Document dated Dec. 11, 2023, received from MAC MA Dec. 18, summarized Dec. 20.
Key Features
Applicable to a range of financial institutions including credit institutions, financial companies, cash remittance companies, and asset management companies.
Identifies risks including IT system failures, data loss, and operational disruptions.
Comprises six domains: risk management framework, governance, IT project management, service operations, cybersecurity, and response and recovery.
Emphasizes the establishment of a comprehensive risk management framework, including risk identification, assessment, mitigation, monitoring, review and reporting.
Outlines role of board, senior management in risk management, strategy formulation.
Encourages consistent IT project management and secure system development practices; focuses on governance for stable and secure IT operations.
Underlines the need for strong cyber resilience and effective security controls, and outlines the necessity for plans to respond to disruptions and recover services.
Also includes aspects like budget and resource allocation, qualified staffing, third-party management, audit and compliance, IT asset management, and situational awareness.
Effectiveness
Authorized institutions are expected to comply with this guideline within 12 months.