Page 23 - FIGI Digital Financial Services security assurance framework

P. 23

Figure 10 - Plan, Do, Check, Act

A
C
C
A A
A
A
C
N
T
T
N
T
N
A ACT P PLAN
L
L
L
P P
e
e
d
e
b
p
d
p
v
v
o
o
a
d
d
b
e
c
a
c
E Establish context and develop risk
k
a
o
k
o
e
e
E E s s s t t t a b l l l i i i s s s h c o n t t t e x x x t t t a n d d e v e l l l o p r r r i i i s s s k
n
h
n
n
n
h
a
a
a
a assessment and treatment
e
e
n
n
d
n
d
m
m
a
a
e
n
e
n
e
T Treat Risks: this involves taking corrective
a
e
T T r r r e a t t t R i i i s s s k s s s : t h is in v o l v e s t a k in g c o r r e c t iv e a a s s s s s s e s s s s s s m e n t t t a n d t t t r r r e a t t t m e n t t t
e
e
R
R
a
e
e
k
m
m
n
k
e

t
l
eh
n
a
t
s
s
s
s
y
s
i
c
d
s
er
o
n
t
e
o
i
ep
h
and preventive actions, based on the results of
a n d p r ev e n t i v e a c t i o n s , b a s ed o n t h e r es u l t s o f I In this step stakeholders in the DFS ecosystem
D
F
k
t
t
em
S
h
o
n
at
ac
l
t
r
n
an
i
an evaluation like an audit or actions to id e n t if y a s s e t s , t h r e a t s a n d v u ln e r a b ilit ie s t h a t
t
k
s
i
identify assets, threats and vulnerabilities that
e
d
i
v
an
i
al
au
o
u
e
o
t
o
f
c
f
a
e
e
o
s
l
d
n

a
l
ei

t
d
combat an incident.
r
c
c o m b a t a n i nc i d e nt . could affect the assets and their level of
th
f
ts
t
s
o
e

u
h
e
el
a
v
c
a
mp
i impact. .
t
H
C
K
K
K
E
E
C
E
C
O
H
D D
C CHECK D DO
C C
O
H
O
F

st
a
S
i
i
e
s
i
r
h
e
k
d
l
o
o
s st
i
:
e

t
n
I
h
n
n
o
o
D
:
:
n
p
k
k
o
s
s
k
M M o n i i i t t t o r r r a a a n d r r r e v i i i e w : : : t h i s i n v o l v e s a sse ssi n g R Risk Mitigation: In this step DFS stakeholders
M
v
M

s
n
w
w
n
e
e
o
i
i
e
M Monitor and review: this involves assessing
e
i R R
M
g
n
a
o
g
g
a
t
t
t
a
n
o
d
i
v
t
d
i
i
i
i
i
t
t
c
m
n
a
n
d
i
ea
r
t
y
p
o
u
r
er
m
f
F
g

f
D
S
r
u
i
mitigate security threats and vulnerabilities by
n
s
a
and measuring security performance of DFS m it ig a t e s e c u r it y t h r e a t s a n d v u ln e r a b ili t ie s b y
ec
s
e o
y
o

t
r
st
n
u
r
c
p
g
l
i
r
i
sec
,
t
o
s

a
n
r
u
e
l
a
n
i
h
ss
t
r
n
m
n
g
e
i
t
n
a assets against security checklists both internal i implementing security controls, processes, ,
p
ec
s
em
l
c
c
s
l

k
o
a
c
e
es
h
i
es
o
s
i
t
t
et
y
st
s
b
a and external like regulators. a and procedures. .
n
a
t
o
l
eg
u
e
c

d pr
n
o
r
s
.
n
s
e
er
d
ex
t
a
k
e r
du
i
l
l
r
Digital Financial Services Security Assurance Framework 21

18 19 20 21 22 23 24 25 26 27 28