The report uses the term “cybersecurity” according to the definition of the Financial Stability Board (FSB) Cyber Lexicon (available at http://www.fsb.org/2018/11/cyber-lexicon). With this, “Cybersecurity” and “information security” denote the same concept.
Or technical experts from the IT department performing supervisory roles.
The conflict of interest stems from the fact that the IT department runs the APSSS payments system and at the same time it is supposed to provide expertise for the oversight function.
Short-term: < 12 months; Medium-term: 12–24 months.
The current guidance note was developed by the IT department because the absence of cybersecurity skills in the supervision department.
Jurisdictions and tools are mentioned as examples and should not be taken as preferences of the mission or IMF in general. A useful resource for many regulatory frameworks worldwide is the FSB Stocktake of Publicly Released Cybersecurity Regulations, Guidance and Supervisory Practices, which can be accessed at http://www.fsb.org/wp-content/uploads/P131017–2.pdf.
Where possible, the supervisors allow for on-the-spot correction of findings. Open supervisory findings are defined as the issues that require more complex corrective actions.
For example, a rogue access point’s signal could be picked up from outside of the building.
Referred to as the IT Table of IT Risks.