Shinhan Financial Group said on Sunday it has become the first in the finance sector to apply a “financial security level assessment framework” on site at major group affiliates.
The application is the first domestic case of a financial company moving away from passive, regulation-compliance-focused security management to a self-directed security system in which it diagnoses its own security level and upgrades it step by step.
The “financial security level assessment framework” is a self-directed security management system prepared by the Financial Security Institute in February. Self-directed security goes beyond checking compliance with financial authorities’ rules, and instead has financial companies diagnose their own security capabilities, set target levels and improve proactively.
The framework consists of 7 areas — governance, identification, protection, detection, response, recovery and supply chain — with 45 items and 127 detailed principles. It is designed to allow financial companies to set four maturity targets — initial, foundational, advanced and high-level — and raise security levels in stages.
Financial companies have complied with financial authorities’ security rules in a checklist format, but there has been criticism that this has limits in systematically diagnosing and upgrading actual security levels. The framework is an attempt to address those limits, and Shinhan Financial has moved first in the industry to introduce it on site.
Shinhan Financial said five group companies, including the holding company as well as its bank, card, securities and life units, carried out a joint assessment with the Financial Security Institute for two months starting early last month.
The assessment was conducted affiliate by affiliate through self-assessment (5 days), on-site interviews (5 to 7 days) and results reporting (10 days). Staff from the holding company cross-participated in the assessments of subsidiaries to ensure consistency in group-wide assessment standards. The Financial Security Institute’s self-directed security research team participated throughout the process, from working-level training to joint assessments and coaching on drafting the results report.
Shinhan Financial said it plans to use the assessment to identify improvement tasks that reflect each affiliate’s business characteristics and IT and security environment. It also plans to prepare a group-tailored self-directed security assessment guide and expand it in stages to all subsidiaries.
A Shinhan Financial Group official said, “Shinhan Financial conducted a joint assessment with the Financial Security Institute to proactively embed a self-directed security system and enhance practical security levels.” The official said, “Based on this application case, we will establish group-level self-directed security standards and best practices and continue to play a leading role in future discussions on security standards in the financial sector.”
