Front Matter
Author:
International Monetary Fund. Monetary and Capital Markets Department

IMF Country Report No. 20/262

NORWAY

FINANCIAL SECTOR ASSESSMENT PROGRAM

TECHNICAL NOTE—CYBERSECURITY RISK SUPERVISION AND OVERSIGHT

August 2020

This Technical Note on Cybersecurity Risk Supervision and Oversight for the Norway FSAP was prepared by a staff team of the International Monetary Fund as background documentation for the periodic consultation with the member country. It is based on the information available at the time it was completed on July 7, 2020.

Disclaimer:

This document was prepared before COVID-19 became a global pandemic and resulted in unprecedented economic strains. It, therefore, does not reflect the implications of these developments and related policy priorities. We direct you to the IMF Covid-19 page that includes staff recommendations with regard to the COVID-19 global outbreak.

Copies of this report are available to the public from

International Monetary Fund • Publication Services

PO Box 92780 • Washington, D.C. 20090

Telephone: (202) 623–7430 • Fax: (202) 623–7201

E-mail: publications@imf.org Web: http://www.imf.org

Price: $18.00 per printed copy

International Monetary Fund

Washington, D.C.

© 2020 International Monetary Fund

NORWAY

FINANCIAL SECTOR ASSESSMENT PROGRAM

TECHNICAL NOTE

CYBERSECURITY RISK SUPERVISION AND OVERSIGHT

July 24, 2020

This Technical Note was prepared in October 2019, before the global intensification of the COVID-19 outbreak. It focuses on Norway’s medium-term challenges and policy priorities and does not cover the outbreak or the related policy response, which has since become the overarching near-term priority.

Prepared By

Monetary and Capital Markets Department

This Technical Note was prepared by IMF staff in the context of the Financial Sector Assessment Program in Norway. It contains technical analysis and detailed information underpinning the FSAP’s findings and recommendations. Further information on the FSAP can be found at http://www.imf.org/external/np/fsap/fssa.aspx

Contents

  • Glossary

  • EXECUTIVE SUMMARY

  • INTRODUCTION

  • CYBERSECURITY RISK SUPERVISION AND OVERSIGHT

  • A. Threat Landscape, Information Sharing, and Cyber Network

  • B. The FSA’s Supervisory Practice

  • C. Norges Bank’s Oversight Practice

  • D. Response and Recovery Capabilities

  • REVIEW AND RECOMMENDATIONS

  • A. Threat Landscape, Cyber Network, and Information Sharing

  • B. The FSA’s Supervisory Practice

  • C. Norges Bank’s Oversight Practice

  • D. Response and Recovery Capabilities

  • TABLES

  • 1. FSAP Key Recommendations

  • 2. FMIs Subject to Supervision and Oversight

  • FIGURES

  • 1. Simplified Structure of Norwegian Regulatory and Threat Intelligence Landscape

  • 2. Key Threats Identified in the 2018 Risk and Vulnerability Analysis

  • 3. Structure of Draft Financial Sector Map Produced by Norges Bank

  • 4. Organizational Chart of the FSA

  • 5. Organizational Chart of Norges Bank

Glossary

BCBS: Basel Committee on Banking Supervision
BCM: Business Continuity Management
BFI: Financial Infrastructure Crisis Preparedness Committee
CCP: Central Counterparty Clearing
CERT: Computer Emergency Response Team
CS GRC: Cybersecurity Governance, Risk and Compliance
COBIT: Control Objectives for Information and Related Technologies
CPMI: Committee on Payments and Market Infrastructure
CLS: Continuous Linked Settlement
CSOC: Cybersecurity Operations Center
EBA: European Banking Authority
EEA: European Economic Area
ENISA: European Union Agency for Cybersecurity
ESRB: European Systemic Risk Board
EU: European Union
FI: Financial Institution
FIRST: Forum of Incident Response and Security Teams
FMI: Financial Market Infrastructure
FSA: Financial Supervisory Authority (Finanstilsynet)
FSB: Financial Stability Board
FS-ISAC: Financial Information Sharing and Analysis Center
IBO: Interbank Settlement Function
ICT: Information and Communication Technology
IMF: International Monetary Fund
IOSCO: International Organization of Securities Commissions
ISAE: International Standard on Assurance Engagements
ISO: International Organization for Standardization
IT: Information Technology
MoU: Memorandum of Understanding
NBO: Norges Bank Settlement System
NFCERT: Nordic Financial Computer Emergency Response Team
NIST: National Institute of Standards and Technology
NorCERT: Norwegian National Computer Emergency Response Team and Cyber Center
NorSIS: Norwegian Center for Information Security
NSM: Norwegian National Security Authority
OSSAT: Operational Security Situational Awareness Telco
PFMI: CPMI-IOSCO Principles for Financial Market Infrastructures
RAV: Risk and Vulnerability Analysis
RTGS: Real-Time Gross Settlement
SARC: Security Architecture Function
SLA: Service Level Agreement
SREP: Supervisory Review and Evaluation Process
SRM: Sectoral Response Institution
SRV: General Risk Assessment (= simplified SREP)
VDI: National Warning System for Digital Infrastructure (VDI)
WOCS: Workshop Operational Cyber Security
