Notes (alphabetical)
Cyber security is not just an issue for the IT department. It is a business risk that affects everybody. Report: Cyber and the CFO
The Cyber Assessment Framework was developed by the NCSC. Related pages: National Cyber Security Centre (NCSC)
The Cyber Resilience Assessment Framework (C-RAF) was designed to help Hong Kong financial services organisations evaluate their ability to prepare for, respond to, and recover from cyber threats and incidents. C-RAF 2.0 provides a systematic approach for assessing critical systems, processes, and governance, focusing on strengthening resilience against evolving cyber risks. C-RAF was developed by the HKMA and applies to all Authorised Institutions (AIs), the banks and financial services organisations under HKMA supervision. ...
Cyber resilience frameworks provide practitioners with a structured approach to managing and mitigating cybersecurity risk, ensuring organisations can identify, respond to, and recover from a range of evolving threats. Frameworks such as the NIST Cybersecurity Framework (CSF) and ISO 27001 offer best practices, example controls, and guidelines to strengthen security posture, align with regulatory requirements, and build operational resilience. By adopting a suitable framework, organisations can improve governance, increase their ability to respond to incidents, and safeguard critical systems, data, and processes. ...
Cyberark is a cybersecurity vendor that specialises in privileged access management (PAM) solutions, helping organisations secure, manage, and monitor privileged accounts and credentials. Related pages: Privileged access management, Keyvault, Tenable, CrowdStrike
A data breach can be defined generally as when sensitive or confidential information is accessed or disclosed without authorisation. The UK Information Commissioner defines a personal data breach as: "... a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes." (UK Information Commissioner's Office)
Data classification is the process of organising data into categories based on its sensitivity and criticality to the organisation. This process is crucial for effective risk management, as it enables organisations to identify and prioritise the protection of their most valuable and sensitive information assets. By understanding the different levels of risk associated with each data type, organisations can implement security controls and procedures to mitigate threats, comply with regulatory requirements, and minimise the impact of data breaches. ...
As organisations increasingly operate in digital environments, they are creating and handling ever-increasing volumes of sensitive data, including customer information, employee records and confidential business data. This will also include personal data, a special category that carries additional legal protections and obligations. A robust data classification and labelling process is therefore essential for managing information security and meeting these legal and regulatory obligations. What is Data Classification? Data classification involves categorising data based on its sensitivity and potential impact if compromised. Examples include: ...
Data loss prevention (DLP) helps organisations protect sensitive information from loss, misuse, or unauthorised access. DLP is a strategy and set of tools designed to prevent sensitive information from leaving an organisation’s control or being accessed by unauthorised users. It works by identifying, monitoring, and protecting data in three states: when it’s being used, when it’s being transferred (such as over a network or email), and when it’s stored on devices or servers. DLP tools use content inspection and security analysis to achieve this. ...
What is data privacy? Data privacy refers to the proper handling, processing, storage, and use of personal information to protect the confidentiality and integrity of individuals' data. It ensures that personal information is not only secured, but also remains accurate and is only used for its intended purpose. Data privacy encompasses the policies, procedures and practices that organisations adopt to ensure personal data is collected, used, and shared in a lawful and transparent manner. These practices must comply with legal obligations such as GDPR and other applicable data protection laws, and must extend beyond the organisation itself to include third-party vendors such as data processors who may also be handling the data. ...
Data protection refers to the practices, safeguards, and rules put in place to protect personal information and ensure that individuals' privacy rights are respected. Data protection procedures in an organisation will involve the secure handling of data to prevent unauthorised access, disclosure, alteration, or destruction. Effective data protection measures are essential for maintaining trust, and for compliance with legal and regulatory requirements. Related pages: Data privacy, Data classification, Data disposal, Worldwide data transfer, Data controller, Data processor, Data subject rights, Data breach
A data subject is an individual (natural person) whose personal data is collected, held, or processed by an organisation. Under GDPR and other related laws, data subjects have specific rights regarding their personal data, including the right to access, correct, and request the deletion of their data. Further reading: Data Subject Definition in the GDPR act. Related pages: GDPR
Risk management failures often stem from flawed thinking. History is full of examples where cognitive biases led to catastrophic misjudgements. For example, during the 2008 financial crisis, confirmation bias led many investors and financial institutions to downplay warning signs of an unsustainable housing bubble, focusing only on data that supported continued growth while dismissing contradictory evidence. Similarly, overconfidence bias contributed to excessive risk-taking at firms like Lehman Brothers, where executives underestimated exposure to market downturns. ...