On October 11, 2016, the finance ministers and central bank governors of the Group of 7 (G-7) countries announced the publication of the Fundamental Elements of Cybersecurity for the Financial Sector, a non-binding guidance document for financial sector entities.  The publication  describes eight fundamental “elements” of effective cybersecurity risk management to guide public and private sector entities in designing cyber security programs based on their specific risk profile and culture.  The goal of the G-7 is to provide a common framework for the financial sector to develop security programs that will “help bolster the overall cybersecurity and resiliency of the international financial system.”

The eight elements describe the core components of a comprehensive cybersecurity program, while leaving the strategic and operational details to each entity.  The publication is not intended to serve as a binding, one-size-fits-all set of requirements; rather, it describes high-level programmatic “building blocks” that each entity can customize to its own security strategy and operating structure.  Each entity should tailor its application of the elements based on an evaluation of its “operational and threat landscape, role in the sector, and legal and regulatory requirements,” and be informed by its specific “approach to risk-management and culture.”Continue Reading G-7 Publishes Fundamental Elements of Cybersecurity for the Financial Sector