Singapore’s Monetary Authority (MAS) advises cyber exercises in TRM guidelines
Date: 13 April 2021
The Monetary Authority of Singapore (MAS) has recently released revised Technology Risk Management (TRM) guidelines to combat the growing threat of cyber risk in the financial sector. The revised TRM guidelines acknowledge that the Financial Services sector in Singapore is going through a massive digital transformation and that, at the same time, the threat to the sector from cyber crime is rising rapidly.
While recommending that every financial institution take cognizance of its risk exposure and evaluate if its technology framework is equipped enough to ensure cyber resilience, MAS TRM guidelines 2021 also include some extremely useful and relevant best practices to ensure that the country’s financial services sector rides the digital wave safely.
Amongst these best practices, section 13.3 of the MAS TRM compliance checklist covers the critical aspect of Cyber Security Assessment. This section talks of Cyber Exercises as a vital step forward towards ensuring cyber resilience of the business. The TRM guidelines 2021 specifically advise regular scenario-based cyber exercises that validate the organisation’s response and recovery as well as communication plans against cyber threats.
Section 13.3.1 reads: “The FI should carry out regular scenario-based cyber exercises to validate its response and recovery, as well as communication plans against cyber threats. These exercises could include social engineering, table-top, or cyber range exercises.”
Cyber Management Alliance began emphasising the growing importance of Cyber Crisis Tabletop Exercises in early 2020, before the COVID-19 pandemic unleashed a series of cyber-attacks and made the importance of such exercises more pronounced than ever. Read more about our opinion on these exercises here.
If you’re interested in knowing more about similar regulations in other leading economies, we have a concise blog on SAMA, QCB & NESA Regulations on Business Continuity Planning, Testing & Cyber tabletop exercises created for an easy reference that you can read here. In this blog, we further delve into why our clients who conduct ISO 27001 audits are now including cyber tabletop exercises audits in their audit schedules.
As leaders in delivering scenario-based Cyber Tabletop Exercises, we at Cyber Management Alliance make sure that our workshops truly challenge an organisation to gauge the effectiveness of its incident response plans and to evaluate if all key decision-makers are equipped with the right knowledge and skills to act promptly in case of a crisis.
As per section 13.3.2 of the revised MAS TRM guidelines, “Depending on the exercise objectives, the FI (Financial Institutions) should involve relevant stakeholders, including senior management, business functions, corporate communications, crisis management team, service providers, and technical staff responsible for cyber threat detection, response and recovery.”
At Cyber Management Alliance, we work very closely with our clients to ensure that the scenario that is rehearsed during the exercise is pertinent to the business and that the right stakeholders are invited to participate in the exercise – two important aspects that MAS has specified in its revised Technology Risk Management guidelines 2021.
Some of the other USPs of our Cyber Crisis Tabletop Exercises include:
- Our Cyber Crisis Exercises are known in the industry to be amongst the most interactive and engaging, leading to maximum stakeholder participation and output.
- They are structured as a combination of scenario walkthroughs and engaging and practical exercises.
- They are followed up with a comprehensive report with an easy-to-understand maturity scoring system.
- The facilitator of our Cyber Exercises is one of the world’s most renowned and sought-after cybersecurity practitioners and CISOs, our CEO and Co-Founder, Amar Singh. Our clients benefit from his unique perspective on their incident response capabilities and also gain from his vast pool of knowledge and experience during the workshop.
If you are interested in following the best practices that are highlighted in the revised MAS TRM guidelines and in conducting a cyber exercise that truly tests your best defences and enables you to become more cyber resilient than ever, do check out more details about our Cyber Tabletop Exercises here.
You may also be interested in reading about how you can prepare for a successful cyber exercise here and 5 requirements for an effective cyber exercise here. Are you worried about whether a remote cyber exercise will be good enough to meet the needs of your organisation?
Check this blog out to know more about the advantages of remote cyber exercises.