Securing The Core: Cyber Resilience Supervision In Capital Markets Infrastructure Training Course

Introduction

Ensuring the cyber resilience of critical capital markets infrastructure, including exchanges and central counterparties (CCPs), is paramount for maintaining financial stability and market integrity under central bank oversight. This specialized training course directly addresses this vital need, equipping supervisors with the essential knowledge and frameworks to effectively oversee and enhance the cyber resilience of these key entities. Participants will gain a comprehensive understanding of the unique cyber threats targeting capital markets infrastructure, learn best practices for cyber resilience supervision, and explore strategies for fostering robust security postures within these systemically important institutions. Mastering cyber resilience supervision in capital markets infrastructure is crucial for safeguarding the core of the financial system against evolving cyberattacks.

This intensive training course delves into the specific vulnerabilities and interconnectedness of capital markets infrastructure, highlighting the potential for systemic disruption arising from successful cyberattacks. We will explore the key elements of cyber resilience, including identification, protection, detection, response, and recovery, within the context of exchanges, CCPs, and other critical market utilities. Participants will learn how to assess the cyber resilience frameworks of these entities, understand relevant regulatory expectations and international standards, and develop effective supervisory strategies to ensure the continuous and secure operation of essential capital markets infrastructure under central bank oversight.

Target Audience

• Central Bank Supervisors
• Financial Market Infrastructure Oversight Specialists
• Cybersecurity Professionals in Regulatory Agencies
• Risk Management Professionals
• IT Security Professionals in Financial Infrastructure
• Compliance Officers
• Policy Analysts

Course Objectives

• Understand the critical importance of cyber resilience for the stability and integrity of capital markets infrastructure.
• Identify the unique cyber threats and vulnerabilities targeting exchanges, central counterparties (CCPs), and other key market infrastructure.
• Learn the key elements and frameworks for building and assessing cyber resilience in financial market infrastructure.
• Understand relevant national and international regulatory expectations and best practices for cyber resilience in FMIs.
• Develop strategies for supervising the cyber resilience of capital markets infrastructure under central bank oversight.
• Learn how to assess the cyber risk management capabilities and governance frameworks of FMIs.
• Understand the importance of incident response and recovery planning for cyberattacks on critical infrastructure.
• Explore the role of cyber threat intelligence and information sharing in enhancing the collective cyber resilience of the financial sector.
• Learn how to evaluate the cyber resilience of third-party service providers to capital markets infrastructure.
• Understand the supervisory considerations for emerging technologies and their impact on the cyber resilience of FMIs.
• Develop frameworks for assessing the cyber resilience of interconnected market infrastructures.
• Learn about cyber resilience testing and exercises for capital markets infrastructure.
• Understand the supervisory role in promoting a culture of cyber resilience within FMIs.

Duration

10 Days

Course content

Module 1: The Critical Importance of Cyber Resilience in Capital Markets Infrastructure

• Understanding the systemic impact of disruptions to exchanges, CCPs, and other key market infrastructure due to cyberattacks for your module.
• Analyzing historical cyber incidents and their consequences for financial markets.
• Exploring the interconnectedness of FMIs and the potential for cascading cyber risks.
• Understanding the regulatory mandate for central bank oversight of cyber resilience in critical infrastructure.
• Emphasizing the foundational role of cyber resilience in maintaining market confidence and stability.

Module 2: Unique Cyber Threats and Vulnerabilities Targeting FMIs

• Identifying common cyberattack vectors and techniques specifically targeting financial market infrastructure (e.g., ransomware, DDoS, supply chain attacks) for your module.
• Understanding the motivations and capabilities of different cyber threat actors targeting FMIs.
• Exploring the vulnerabilities arising from the complex and interconnected nature of FMI systems.
• Analyzing the risks associated with legacy systems and the adoption of new technologies in FMIs.
• Understanding the specific threats to the confidentiality, integrity, and availability of FMI data and operations.

Module 3: Key Elements and Frameworks for Cyber Resilience in FMIs

• Exploring the five functions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover) and their application to FMIs for your module.
• Understanding other relevant cyber resilience frameworks and standards (e.g., CPMI-IOSCO Principles for FMIs, ISO 27001).
• Analyzing the importance of robust governance and risk management frameworks for cyber resilience.
• Understanding the role of security controls across people, processes, and technology in building cyber resilience.
• Emphasizing the need for a holistic and adaptive approach to cyber resilience.

Module 4: Regulatory Expectations and Best Practices for Cyber Resilience in FMIs

• Reviewing relevant national and international regulatory expectations and guidance on cyber resilience for financial market infrastructure for your module.
• Analyzing best practices in cyber security and resilience adopted by leading FMIs globally.
• Understanding supervisory expectations regarding cyber incident reporting and information sharing.
• Exploring the role of regulatory frameworks in driving enhanced cyber resilience within FMIs.
• Examining the increasing focus on cyber resilience in regulatory assessments and examinations.

Module 5: Supervising the Cyber Resilience of Capital Markets Infrastructure

• Developing strategies for effectively supervising the cyber resilience of exchanges, CCPs, and other FMIs under central bank oversight for your module.
• Understanding the key areas of focus for supervisory assessments of cyber resilience.
• Analyzing different supervisory approaches, including on-site examinations, off-site monitoring, and thematic reviews.
• Exploring the use of supervisory technology (SupTech) for monitoring cyber risks in FMIs.
• Emphasizing the importance of ongoing dialogue and collaboration between supervisors and FMI management.

Module 6: Assessing Cyber Risk Management Capabilities and Governance in FMIs

• Learning how to evaluate the cyber risk management frameworks, policies, and procedures of capital markets infrastructure for your module.
• Understanding the role of the board and senior management in overseeing cyber resilience.
• Analyzing the effectiveness of cyber risk identification, assessment, and treatment processes within FMIs.
• Exploring the organizational structure and responsibilities for cyber security within FMIs.
• Assessing the maturity and continuous improvement of FMI cyber risk management capabilities.

Module 7: Incident Response and Recovery Planning for Cyberattacks on FMIs

• Understanding the critical elements of a robust cyber incident response plan for capital markets infrastructure for your module.
• Analyzing the importance of timely detection, containment, and eradication of cyber threats.
• Exploring best practices for business continuity and disaster recovery planning in the context of cyber incidents.
• Understanding the communication protocols and stakeholder management during a cyber crisis affecting FMIs.
• Emphasizing the need for regular testing and exercising of incident response and recovery plans.

Module 8: Cyber Threat Intelligence and Information Sharing for Enhanced Resilience

• Understanding the value of cyber threat intelligence in anticipating and mitigating attacks on financial infrastructure for your module.
• Exploring sources of cyber threat intelligence and mechanisms for sharing information within the financial sector.
• Analyzing the role of public-private partnerships in enhancing cyber threat information sharing.
• Understanding the challenges and benefits of cross-border cyber threat intelligence exchange.
• Emphasizing the importance of proactive and collaborative approaches to cyber threat intelligence.

Module 9: Supervising the Cyber Resilience of Third-Party Service Providers to FMIs

• Understanding the increasing reliance of capital markets infrastructure on third-party service providers and the associated cyber risks for your module.
• Developing frameworks for assessing the cyber resilience due diligence processes of FMIs for their vendors.
• Evaluating the contractual arrangements and oversight mechanisms for third-party cyber security.
• Analyzing the potential for supply chain attacks to compromise FMIs.
• Implementing supervisory expectations for managing third-party cyber risks in the FMI ecosystem.

Module 10: Supervisory Considerations for Emerging Technologies and FMI Cyber Resilience

• Understanding the impact of new technologies (e.g., cloud computing, AI, blockchain) on the cyber resilience landscape of capital markets infrastructure for your module.
• Analyzing the novel cyber risks and vulnerabilities introduced by these technologies.
• Exploring the supervisory challenges in overseeing the secure adoption of emerging technologies by FMIs.
• Understanding the potential for these technologies to also enhance cyber resilience.
• Emphasizing the need for adaptive and forward-looking supervisory approaches.

Module 11: Assessing the Cyber Resilience of Interconnected Market Infrastructures

• Understanding the complexities of assessing cyber resilience across interconnected exchanges, CCPs, and payment systems for your module.
• Analyzing the potential for cyber incidents at one FMI to propagate risks to others.
• Exploring the need for coordinated cyber resilience strategies and testing across interconnected entities.
• Understanding the supervisory challenges in overseeing the cyber resilience of systemic FMIs and their dependencies.
• Emphasizing the importance of a system-wide perspective on cyber resilience in capital markets infrastructure.

Module 12: Cyber Resilience Testing and Exercises for Capital Markets Infrastructure

• Understanding the different types of cyber resilience testing and exercises applicable to capital markets infrastructure (e.g., penetration testing, tabletop exercises, simulation exercises) for your module.
• Analyzing the objectives and benefits of conducting regular and realistic cyber resilience tests.
• Exploring best practices for planning, executing, and learning from cyber resilience exercises.
• Understanding the supervisory expectations for FMI cyber resilience testing programs.
• Emphasizing the importance of continuous improvement based on testing outcomes.

Module 13: Promoting a Culture of Cyber Resilience within FMIs

• Understanding the critical role of organizational culture in fostering strong cyber resilience within capital markets infrastructure for your module.
• Analyzing the importance of cyber security awareness and training for FMI staff at all levels.
• Exploring strategies for promoting a security-first mindset and accountability for cyber risks.
• Understanding the role of leadership in championing cyber resilience initiatives.
• Emphasizing the need for ongoing communication and collaboration on cyber security within FMIs.

Module 14: Case Studies in Cyber Resilience Supervision of Capital Markets Infrastructure

• Analyzing real-world examples of cyber incidents affecting financial market infrastructure and the supervisory responses for your module.
• Examining case studies of effective and less effective cyber resilience strategies implemented by FMIs.
• Understanding the lessons learned from past cyberattacks and near misses in the financial sector.
• Exploring different supervisory approaches to enhancing cyber resilience in various jurisdictions.
• Fostering interactive discussions and knowledge sharing based on practical examples.

Module 15: Developing a Cyber Resilience Supervision Strategy for Capital Markets Infrastructure

• Guiding participants in developing a comprehensive and strategic approach for supervising the cyber resilience of capital markets infrastructure within their own jurisdictions for your module.
• Defining clear supervisory objectives and expectations for FMI cyber resilience.
• Assessing the necessary resources, expertise, and regulatory framework.
• Developing a roadmap for implementing effective cyber resilience supervision and assessment methodologies.
• Planning for continuous learning, adaptation, and collaboration with FMIs and other stakeholders in the evolving cyber threat landscape.

Training Approach

This course will be delivered by our skilled trainers who have vast knowledge and experience as expert professionals in the fields. The course is taught in English and through a mix of theory, practical activities, group discussion and case studies. Course manuals and additional training materials will be provided to the participants upon completion of the training.

Tailor-Made Course

This course can also be tailor-made to meet organization requirement. For further inquiries, please contact us on: Email: info@skillsforafrica.org, training@skillsforafrica.org  Tel: +254 702 249 449

Training Venue

The training will be held at our Skills for Africa Training Institute Training Centre. We also offer training for a group at requested location all over the world. The course fee covers the course tuition, training materials, two break refreshments, and buffet lunch.

Visa application, travel expenses, airport transfers, dinners, accommodation, insurance, and other personal expenses are catered by the participant

Certification

Participants will be issued with Skills for Africa Training Institute certificate upon completion of this course.

Airport Pickup and Accommodation

Airport pickup and accommodation is arranged upon request. For booking contact our Training Coordinator through Email: info@skillsforafrica.org, training@skillsforafrica.org  Tel: +254 702 249 449

Terms of Payment: Unless otherwise agreed between the two parties’ payment of the course fee should be done 7 working days before commencement of the training.