This study presents a comprehensive guide for cybersecurity and data privacy risk analysis, aimed at strengthening regulatory compliance in Peruvian banking entities. Utilizing the NIST CSF 2.0 and NIST SP 800-37 frameworks, it precisely identifies the set of regulatory obligations as well as the vulnerabilities and threats impacting the information assets of financial institutions. The proposed methodology encompasses everything from risk identification and assessment to the design of specific security controls, enabling entities to anticipate and effectively respond to the ever-changing dynamics of the digital and regulatory environments. The obtained results demonstrate that the implementation of this guide not only optimizes risk management but also serves as a strategic tool to ensure the integrity, confidentiality, and availability of information. In this regard, the study highlights the importance of adopting a proactive and systematic approach that fosters resilience and innovation within the banking sector. This work stands as a significant contribution, offering precise guidelines that encourage institutions to transform their security practices and prepare for the technological challenges of the future.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities

  • Edinson Tavara,
  • Fernando Huamán Monzón,
  • Manuel Tupia

摘要

This study presents a comprehensive guide for cybersecurity and data privacy risk analysis, aimed at strengthening regulatory compliance in Peruvian banking entities. Utilizing the NIST CSF 2.0 and NIST SP 800-37 frameworks, it precisely identifies the set of regulatory obligations as well as the vulnerabilities and threats impacting the information assets of financial institutions. The proposed methodology encompasses everything from risk identification and assessment to the design of specific security controls, enabling entities to anticipate and effectively respond to the ever-changing dynamics of the digital and regulatory environments. The obtained results demonstrate that the implementation of this guide not only optimizes risk management but also serves as a strategic tool to ensure the integrity, confidentiality, and availability of information. In this regard, the study highlights the importance of adopting a proactive and systematic approach that fosters resilience and innovation within the banking sector. This work stands as a significant contribution, offering precise guidelines that encourage institutions to transform their security practices and prepare for the technological challenges of the future.