Page 157 - Kaleidoscope Academic Conference Proceedings 2021

Connecting physical and virtual worlds

management and budgeting; and internal/external audit and compliance. The last and most critical group involves the digital systems and value creation processes. Relations between this group and the others in security are often contentious. The result is often a poorly defined target understanding, the one element that unifies everyone. These specialization silos do not communicate well and do not coordinate interdependencies well. The result of this friction is very weak interoperability and correlation confidence between threats-to-targets, a clear understanding of the resulting risk from likelihood and impact assessments, and the fiduciary requirement to reduce residual risk to acceptable levels.

2. IMMEDIATE CAPABILITY ENHANCEMENT

The technology provides the immediate ability for an expert or a novice practitioner to ingest “any and all” existing and future frameworks and their mappings from the body of knowledge, and to consume and adapt these frameworks and mappings for their own purposes.

Figure 4 illustrates the NIST CSF 1.1 mapping of an external control (orange pentagon) to FSSCC framework objectives as internal controls (blue circle) in the technology platform. Objectives and their mappings to other frameworks are clearly visible.

Figure 4 – FSSCC-to-NIST CSF in technology

The benefits of the frictionless freedom to see and travel through both the existing public body of knowledge and an organization’s customized state-of-security posture provide the freedom to customize. The capability to select and “see” or visualize any reference anchor framework, and immediately see the objectives at all de-compositional levels and their provided maps to other frameworks, is a game changer. Change the reference framework on demand, and see a new world defined by the new anchor framework but involving the same maps. The capability to “travel” or navigate, like an MRI, to any “area of concern,” and to travel down to higher precision levels to find context-specific knowledge, allows an effortless focus on analysis rather than on information searching and manipulation.

Figure 5 illustrates the higher ability in “bi-view” to create two parallel but independent views to compare two anchor frameworks and their maps. On the left, in blue, the FSSCC framework is used as the reference anchor with CSF 1.1 maps. On the right, in orange, the same two frameworks are compared in reverse. This capability clearly illustrates control coverage gaps between the two frameworks.

With the ability to navigate and visualize any aspect of one’s state of security to increasing levels of precision, one can focus on analysis and design and not on searching and converting form to consume.

Figure 5 – FSSCC-to-NIST CSF in technology

The author has been engaged with the World Economic Forum (“WEF”) Center for Cybersecurity and its publication entitled “Systems Cyber Resilience: Secure and Trusted FinTech” [1], as indicated by their citation in Contributors on page 33.

“With thanks to: Ghiyazuddin Mohammad, Alliance for Financial Inclusion (Malaysia); Jacques Francoeur, ITU-T Study Group 17: Security; The Monetary Authority of Singapore; Troy Leach, CTO Payment Card Industry Security Standards Council; Curtis Dukes and Phyllis Lee, Center for Internet Security; Josh Magri and Alan Carroll, Cyber Risk Institute.”

“Consortium members asked, how can less mature FinTech companies connect with very mature organizations while maintaining a level of cybersecurity risk that is understood by all parties, accepted and manageable?”

“The Consortium’s recommendations support the scaling and adoption of frameworks that provide clear and actionable cybersecurity guidelines to FinTechs to enhance the security of the wider financial services supply chain.”

Several of the report’s key challenge conclusions and recommendations can be addressed by the technology. It is important to understand that the technology is knowledge and framework agnostic, being able to process any framework. This even includes privacy controls.

The following section will describe the model and foundation of the technology platform.

3. SECURITY VULNERABILITY EXPRESSIONS

Security vulnerability expressions (“Vulnerability Expressions”) capture the natural one-to-one relationships (mappings) between threats-to-value asset vulnerabilities,
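The anchor-framework navigation and “bi-view” comparison described in Section 2 above, as an added example that is not the platform’s code (the page does not describe the platform’s data model): each framework is a tree of objectives at several decomposition levels, the body of knowledge is one set of undirected mappings between objective ids, re-anchoring simply reads the same maps from the other side, and the bi-view lists the objectives on each side that have no counterpart, which is where coverage gaps show up. The `Profile` framework, its `OBJ-*` identifiers and every mapping are constructed; the four CSF subcategory ids are real NIST CSF 1.1 identifiers with shortened titles.

```python
"""Anchor-framework navigation and "bi-view" gap analysis, as a toy model.

Added example (not the platform's code): a framework is a tree of objectives
(function > category > subcategory), and the body of knowledge is one set of
undirected mappings between objective ids. Choosing an anchor only decides
which side of each mapping is read, so the same maps serve every view.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional, Set, Tuple


@dataclass
class Objective:
    oid: str                               # id within its framework
    title: str
    children: List["Objective"] = field(default_factory=list)


@dataclass
class Framework:
    name: str
    roots: List[Objective]

    def walk(self, node: Optional[Objective] = None, depth: int = 0) -> Iterator[Tuple[int, Objective]]:
        """Yield (depth, objective) for every decomposition level, in document order."""
        for child in (self.roots if node is None else node.children):
            yield depth, child
            yield from self.walk(child, depth + 1)

    def find(self, oid: str) -> Optional[Objective]:
        return next((n for _, n in self.walk() if n.oid == oid), None)

    def leaves(self) -> List[Objective]:
        return [n for _, n in self.walk() if not n.children]


class MappingGraph:
    """Undirected maps; each end is keyed by (framework name, objective id)."""

    def __init__(self) -> None:
        self.pairs: Set[Tuple[Tuple[str, str], Tuple[str, str]]] = set()

    def add(self, fw_a: str, oid_a: str, fw_b: str, oid_b: str) -> None:
        self.pairs.add(((fw_a, oid_a), (fw_b, oid_b)))

    def maps_from(self, fw: str, oid: str, other: str) -> List[str]:
        """Objective ids in `other` mapped to (fw, oid), read from either end of a pair."""
        hits = []
        for end_a, end_b in self.pairs:
            if end_a == (fw, oid) and end_b[0] == other:
                hits.append(end_b[1])
            elif end_b == (fw, oid) and end_a[0] == other:
                hits.append(end_a[1])
        return sorted(hits)


def subtree(fw: Framework, oid: str) -> List[Tuple[int, str]]:
    """'Travel' to an area of concern and read every level beneath it: (relative depth, id)."""
    node = fw.find(oid)
    if node is None:
        return []
    return [(0, node.oid)] + [(d + 1, n.oid) for d, n in fw.walk(node, 0)]


def anchored_view(anchor: Framework, other: Framework, maps: MappingGraph) -> Dict[str, List[str]]:
    """Each leaf objective of the anchor framework with the `other` objectives it maps to."""
    return {leaf.oid: maps.maps_from(anchor.name, leaf.oid, other.name) for leaf in anchor.leaves()}


def coverage_gaps(anchor: Framework, other: Framework, maps: MappingGraph) -> List[str]:
    """Anchor leaves with no counterpart in `other`: the gaps a bi-view makes visible."""
    return [oid for oid, targets in anchored_view(anchor, other, maps).items() if not targets]


def bi_view(fw_a: Framework, fw_b: Framework, maps: MappingGraph) -> Dict[str, List[str]]:
    """Both anchorings side by side: gaps seen from A, and the same maps observed in reverse."""
    return {fw_a.name: coverage_gaps(fw_a, fw_b, maps), fw_b.name: coverage_gaps(fw_b, fw_a, maps)}


# Constructed sample data. The CSF branch uses four real NIST CSF 1.1 subcategory ids
# with shortened titles; the "Profile" objectives and every mapping are made up.
CSF = Framework("NIST CSF 1.1", [
    Objective("ID", "Identify", [Objective("ID.AM", "Asset Management", [
        Objective("ID.AM-1", "Physical devices and systems are inventoried"),
        Objective("ID.AM-2", "Software platforms and applications are inventoried")])]),
    Objective("PR", "Protect", [Objective("PR.AC", "Identity Management and Access Control", [
        Objective("PR.AC-1", "Identities and credentials are managed")])]),
    Objective("DE", "Detect", [Objective("DE.CM", "Security Continuous Monitoring", [
        Objective("DE.CM-1", "The network is monitored to detect potential cybersecurity events")])]),
])
PROFILE = Framework("Profile", [
    Objective("OBJ-1", "Know your assets", [
        Objective("OBJ-1.1", "Maintain a hardware inventory"),
        Objective("OBJ-1.2", "Maintain a software inventory")]),
    Objective("OBJ-2", "Control access", [
        Objective("OBJ-2.1", "Manage credential lifecycle"),
        Objective("OBJ-2.2", "Require multi-factor authentication for privileged access")]),
])
MAPS = MappingGraph()
for csf_id, obj_id in [("ID.AM-1", "OBJ-1.1"), ("ID.AM-2", "OBJ-1.2"), ("PR.AC-1", "OBJ-2.1")]:
    MAPS.add(CSF.name, csf_id, PROFILE.name, obj_id)

if __name__ == "__main__":
    for name, gaps in bi_view(CSF, PROFILE, MAPS).items():
        print(f"{name} objectives with no map in the other framework: {gaps}")
    for depth, oid in subtree(CSF, "ID.AM"):
        print("  " * depth + oid)
```

Run as a script, it reports `DE.CM-1` as unmapped when the CSF is the anchor and `OBJ-2.2` as unmapped when the Profile is the anchor, which is the kind of two-sided coverage gap the bi-view in Figure 5 exposes; `subtree` is the “travel down for higher precision” step, listing an area of concern and everything beneath it.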




