Page 23 - Digital Financial Services security assurance framework
context appropriately, adequate identification of risks, multi-stakeholder risk analysis and evaluation. The communication with management gives a platform for a broader consultation and process review with all the DFS stakeholders which helps to secure endorsement and support for the risk treatment plans based on relevant and accurate view of the risks within the ecosystem.
Figure 10 - Plan, Do, Check, Act

PLAN: Establish context and develop risk assessment and treatment. In this step stakeholders in the DFS ecosystem identify assets, threats and vulnerabilities that could affect the assets and their level of impact.

DO: Risk Mitigation: In this step DFS stakeholders mitigate security threats and vulnerabilities by implementing security controls, processes, and procedures.

CHECK: Monitor and review: this involves assessing and measuring security performance of DFS assets against security checklists both internal and external like regulators.

ACT: Treat Risks: this involves taking corrective and preventive actions, based on the results of an evaluation like an audit or actions to combat an incident.