ISSA Cyber Security Guidance Paper – Responding to a cyber-attack on a Securities Services participant
The ISSA Working Group has published «Cyber Security Guidance Paper – Responding to a Cyber-attack on a Securities Services Participant».
The document can be found here.
This document provides guidance for the incident management processes of Securities Services participants and utilizes the most impactful scenarios identified in the 2018 ISSA paper, Cyber Risk Management in Securities Services, to develop Considerations that may enhance the playbooks used by securities servicers during a material cyber event.
More specifically, this document is based on two scenarios.
- In the first scenario, a CSD is compromised by a material operational event.
- In the second, the material operational event occurs at a large Custodian.
For these scenarios, this paper proposes Considerations for both the compromised CSD or compromised Custodian and other non-compromised organizations in the Securities Servicers value chain. The Working Group believes that these Considerations are applicable to any disruption, regardless of the cause of the service interruption. These actions are not exhaustive and should be based on the size, type.