
Explanation:
The Basel Committee report on cyber-resilience does not mandate the development of a cyber-security strategy in most jurisdictions. While it is true that cyber-security is a critical aspect of information security, the report does not require regulated entities to have a standalone cyber-security strategy. Instead, the focus is on having a board-approved information security strategy, policy, and procedures that effectively oversee technology. This includes, but is not limited to, cyber-security. Therefore, the statement that 'In most jurisdictions the development of a cyber-security strategy is a mandatory requirement anchored in law' is incorrect.
Choice A is incorrect. The Basel Committee report does indeed state that all regulators expect regulated entities to have a board-approved information security strategy. This is part of the broader framework for managing cyber risk and ensuring cyber resilience.
Choice B is incorrect. According to the Basel Committee report, most jurisdictions have included cyber-risk within their broader risk management frameworks. This integration allows for a more comprehensive approach to managing and mitigating risks associated with cybersecurity.
Choice C is incorrect. It's true that most supervisors review regulated entities' information security strategies, but very few require or evaluate those entities' standalone cyber-security strategies as per the Basel Committee report.
Q.4269 With respect to cyber security strategy as outlined in the Basel Committee report on cyber-resilience, all of the following statements are correct EXCEPT?
A
All regulators expect regulated entities to have a board-approved information security strategy
B
Most jurisdictions have included cyber-risk within their broader risk management frameworks
C
Most supervisors review regulated entities' information security strategies, but very few require or evaluate those entities' standalone cyber-security strategies.
D
In most jurisdictions the development of a cyber-security strategy is a mandatory requirement anchored in law