The WFE has published its response to the Financial Stability Board's (FSB) Cyber Lexicon Consultation.
The FSB’s document - a draft glossary of common terms related to cyber security and cyber resilience - is intended to “support its work to protect financial stability against the malicious use of Information and Communication Technologies (ICT)”. The WFE welcomes the work done on the lexicon, as it is helpful for the market infrastructure industry and all stakeholders to have a consistent set of terms.
The highlights of the WFE’s response can be summarised as follows:
- The WFE believes the lexicon would be more effective, and consistent, if the definitions were anchored exclusively in two sources: i) the International Organization for Standardization (ISO), and ii) the National Institute of Standards and Technology (NIST), as these are the most distinguished sources for Technical, Risk Management, Cyber Security and Information Security standards.
- If other sources are to be used, it is important to ensure that the inclusion of terms from separate sources doesn’t create a disjointed list.
- The WFE proposes some new terms and definitions for the lexicon, including: Threat, Authorisation, Resilience, Intrusion and Flaw Remediation.
- It suggests replacing the terms Campaign and Course of Action with Threat Objective and Threat Objective Lifecycle respectively, along with revisions to those definitions.
- The WFE also recommends alternative definitions for Penetration Testing and Situational Awareness, to more clearly define both of these terms.
The WFE suggests that, in order to maintain the accuracy and efficacy of the lexicon, the FSB engages participants through regular consultations (perhaps every three years).