Banking and Finance Sector-Specific Plan

Banking and Finance

Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan

May 2007

Banking and Finance Government Coordinating Council Letter of Support

Table of Contents

Executive Summary
  1. Sector Profile and Goals
  2. Identify Assets, Systems, Networks, and Functions
  3. Assess Risks
  4. Prioritize Infrastructure
  5. Develop and Implement Protective Programs
  6. Measure Progress
  7. CI/KR Protection Research & Development (R&D)
  8. Managing and Coordinating SSA Responsibilities

Introduction

1. Sector Profile and Goals
  1.1 Sector Profile
    1.1.1 Deposit, Consumer Credit, and Payment Systems Products
    1.1.2 Credit and Liquidity Products
    1.1.3 Investment Products
    1.1.4 Risk-Transfer Products (Including Insurance)
    1.1.5 Federal and Self-Regulation of Financial Services Firms
    1.1.6 State Regulation of Financial Services Firms
  1.2 Security Partners
    1.2.1 Relationships with Federal and State Regulators and Related Associations
    1.2.2 Relationships with Private Sector Owner/Operators and Organizations
  1.3 Sector Security Goals
  1.4 Value Proposition

2. Identify Assets, Systems, Networks, and Functions
  2.1 Defining Information Parameters
  2.2 Collecting Infrastructure Information
    2.2.1 Deposit and Payment System Products
    2.2.2 Credit and Liquidity Products
    2.2.3 Investment Products
    2.2.4 Risk-Transfer Products

    2.2.5 Collecting Asset Data
  2.3 Verifying Infrastructure Information
  2.4 Updating Infrastructure Information

3. Assess Risks
  3.1 Use of Risk Assessment in the Sector
  3.2 Screening Infrastructure
  3.3 Assessing Consequences
  3.4 Assessing Vulnerabilities
  3.5 Assessing Threats

4. Prioritize Infrastructure

5. Develop and Implement Protective Programs
  5.1 Overview of Sector Protective Programs
  5.2 Determining Protective Program Needs
  5.3 Protective Program Implementation Going Forward
  5.4 Protective Program Performance

6. Measure Progress
  6.1 CI/KR Performance Measurement
    6.1.1 Developing Sector-Specific Metrics
    6.1.2 Information Collection and Verification
    6.1.3 Reporting
  6.2 Implementation Actions
  6.3 Challenges and Continuous Improvement

7. CI/KR Protection R&D
  7.1 Overview of Sector R&D
  7.2 Sector R&D Requirements
  7.3 Sector R&D Plan
  7.4 R&D Management Processes

8. Manage and Coordinate SSA Responsibilities
  8.1 Program Management Approach
  8.2 Process and Responsibilities
    8.2.1 SSP Maintenance and Update
    8.2.2 Annual Reporting
    8.2.3 Training and Education
  8.3 Implementing the Sector Partnership Model
  8.4 Information Sharing and Protection

Appendix 1: List of Acronyms and Abbreviations

Appendix 2: Statutory Authorities
  Federal Regulators
  State Regulators
  Guidance and Key Documents: Federal Regulators
  Guidance and Key Documents: State Regulators

Appendix 3: FSSCC Research and Development Agenda

List of Figures

Figure E-1. Vision Statement for the Banking and Finance Sector
Figure 1-1. FBIIC Members
Figure 1-2. FSSCC Members
Figure 1-3. Regional Partnerships
Figure 1-4. Locations of Regional Partnerships
Figure 1-5. Vision Statement for the Banking and Finance Sector
Figure 2-1. Vulnerability Assessment Methodology
Figure 3-1. Vulnerability Assessment Methodology
Figure 3-2. Dependent Relationships
Figure 4-1. Vulnerability Assessment Methodology
Figure 5-1. Vulnerability Assessment Methodology
Figure 6-1. Vulnerability Assessment Methodology
Figure 8-1. Information Flow

List of Tables

Table 6-1. Implementation Actions
Table A-1. Comparison Matrix: FSSCC R&D Challenges vs. NIPP R&D Themes
