
Explanation:
The Basel Committee report on cyber-resilience does not mandate the development of a cyber-security strategy in most jurisdictions. While it is true that cyber-security is a critical aspect of information security, the report does not require regulated entities to have a standalone cyber-security strategy. Instead, the focus is on having a board-approved information security strategy, policy, and procedures that effectively oversee technology. This includes, but is not limited to, cyber-security. Therefore, the statement that 'In most jurisdictions the development of a cyber-security strategy is a mandatory requirement anchored in law' is incorrect.
Choice A is incorrect. The Basel Committee report does indeed state that all regulators expect regulated entities to have a board-approved information security strategy. This is part of the broader framework for managing cyber risk and ensuring cyber resilience.
Choice B is incorrect. According to the Basel Committee report, most jurisdictions have included cyber-risk within their broader risk management frameworks. This integration allows for a more comprehensive approach to managing and mitigating risks associated with cybersecurity.
Choice C is incorrect. It's true that most supervisors review regulated entities' information security strategies, but very few require or evaluate those entities' standalone cyber-security strategies as per the Basel Committee report.
Q.4269 With respect to cyber security strategy as outlined in the Basel Committee report on cyber-resilience, all of the following statements are correct EXCEPT?
A
All regulators expect regulated entities to have a board-approved information security strategy
B
Most jurisdictions have included cyber-risk within their broader risk management frameworks
C
Most supervisors review regulated entities' information security strategies, but very few require or evaluate those entities' standalone cyber-security strategies.
D
In most jurisdictions the development of a cyber-security strategy is a mandatory requirement anchored in law