| Technological progress of the recent decades has brought a paradigm shift to network operations. Network accessibility and range of cyber-attacks on networks have expanded. Networks of financial institutions are vulnerable to cyber-risk from outsiders as well as insiders. Attackers have been staying one step ahead of the technology progress, always ready to exploit network vulnerabilities as soon as they appear. The purpose of this research was to propose the implementation of a systems security engineering discipline by financial institutions. How are financial institutions managing the paradigm shift to keep pace with evolving cyber-threats? How will systems security engineering approach benefit financial institutions? How will it benefit the relationship between financial institutions and third parties? While financial institutions have to comply with the requirements coming from Federal Financial Institutions Examination Council (FFIEC), they have a responsibility of creating and maintaining a cybersecurity framework ensuring a safe functioning of the organization. Framework for Improving Critical Infrastructure Cybersecurity (the Framework) is widely implemented, but proving to be insufficient to keep the financial institutions safe and resilient. The Framework could be greatly improved by the Systems Security Engineering. As a result, the protection needs and security software requirements within an institution and coming from its stakeholders (third parties) will be addressed early in the life cycle of the system. Ultimately, a trustworthy and resilient system as a core of the organization's operations will be built and implemented as needed. Keywords: Systems security engineering, Professor Chris Riddell, Financial institutions, Cybersecurity, Third parties, System, IT infrastructure. |
