DTCC’s Kelly Feili Named to Cyber Risk Institute

By DTCC Connection Staff | 4 minute read | April 19, 2023

Kelly Feili, DTCC’s Director of Operational and Technology Risk (OTR) Advocacy, was recently named Vice Chair of the Cyber Risk Institute (CRI) U.S. Standards Committee. CRI works to protect the global economy by enhancing cybersecurity and resiliency through standardization.

Related: Assessing the 2023 Cyber Security Landscape

“I'm excited to be in this role and further advocate on behalf of the financial services sector,” Feili said. “We can continue the momentum that has been building for the last three years. It would be a major advantage for the financial services sector to have less compliance costs and a more streamlined option for meeting regulatory obligations.”

DTCC Connection caught up with Kelly to learn more about her new role.

DC: Can you talk about your role at DTCC?

KF: I started with DTCC in 2016 as a business information security officer, where we facilitated the engagement between DTCC Technology Risk Management and our business areas by acting much like a translator of security and compliance requirements to business process enhancements. In 2019, I returned from maternity leave and moved into my current role in cyber policy and advocacy where our focus is on DTCC’s external engagement and advocacy strategy as it relates to cybersecurity, resilience and third-party risk management. We work with trade associations and public sector partners, collaborating on various cyber and resilience advocacy activities and initiatives within the financial services sector, including views on best practices, new guidance and new rules related to cybersecurity and efforts focused on strengthening the sector’s resilience.

DC: Tell us about the CRI’s role within the financial services sector.

KF: In 2016, the Financial Services Sector Coordinating Council developed what we originally called the financial services profile and which we now refer to as the “Profile,” with a capital P. One of the sector's challenges is that there are many overlapping regulations. Managing adherence can be unwieldy, particularly for global firms as it relates to cybersecurity, resilience and third-party risk management, as these areas are constantly evolving to address new threats.

So, the Profile harmonizes regulatory expectations into a more concise and manageable list of assessment questions and outcomes. It aims to be applicable broadly across financial services and maps different principles and regulations. The Cyber Risk Institute was created three years ago to be the designated organization responsible for maintaining the Profile.

DC: What are the goals and objectives of CRI and the U.S. Standards Subcommittee?

KF: CRI’s objective is to reduce the cybersecurity compliance burden that the financial services sector faces by demonstrating how it meets the outcomes defined in the Profile. Cybersecurity experts spend a significant amount of time on compliance activities rather than protecting financial systems, so CRI’s goal is to streamline compliance activities to free up experts’ time. The U.S. Standards Subcommittee identifies regulations, guidance and standards that should be included in the mapping to the Profile and, when financial authorities or the U.S. government are setting new cybersecurity-related frameworks, we advocate for the Profile, talking about its benefits, why it exists, and why the sector prefers it.

Related: Why Cyber Advocacy is a Pivotal Step for Cybersecurity Efforts

DC: What is the relationship between DTCC and CRI?

KF: It’s to our advantage to be a member of and support the CRI. Our relationship enables us to invest in the future of cybersecurity, providing a voice on important initiatives that could impact the financial services industry and help shape future cybersecurity requirements.

DC: What are you looking forward to in the role of Vice Chair of the U.S. Standards Committee?

KF: I am proud to be Vice Chair of this group and to work alongside the Chair, Debbie Eng of JPMorgan Chase, and the working group members on initiatives that are larger than our individual firms’ efforts. As Vice Chair, I am looking forward to helping lead collaboration efforts across the sector as these are powerful in strengthening our collective cybersecurity practices. Our group plays an important role in working towards ensuring industry alignment regarding cybersecurity compliance.

DC: What are some of the key issues you will be focusing on with the CRI?

KF: One of the immediate initiatives is to work through how the Profile can be leveraged to address the Cybersecurity and Infrastructure Security Agency’s mandate to develop cross-sector specific performance goals, which are meant to establish common cybersecurity measurements that drive the management of cybersecurity risks. These cross-sector specific performance goals are part of a larger U.S. government effort to improve cybersecurity for critical infrastructure based on a 2021 Executive Order 14028.

Kelly Feili

DTCC’s Director, Operational and Technology Risk (OTR) Advocacy
