In June 2020, Malta Financial Services Authority (MFSA) issued a clear set of Guidance Notes on Cybersecurity mandating all licensed entities to comply to a minimum set of measures for establishing, maintaining and overseeing their internal cybersecurity architecture. The document goes into significant detail and, while establishing the important principle of proportionality, it sets many new cybersecurity requirements and obligations on license holders.
The role of an Information Security Officer (ISO) is complex, requiring considerable business and technical experience to successfully balance business risk with environmental and financial objectives whilst also considering the organisational culture and business constraints and.
Employing a full-time ISO is often prohibitive. This often results in nothing being done to address issues, or the implementation of controls that is not coherent. Strategic thought is bypassed, failing to deliver business value and resulting in increased costs.
At RSM we have a team of professionals with the knowledge and experience to act as the outsourced ISO for your entity, or even assist the appointed internal ISO on specific initiatives. We can:
- Collaborate with management to improve understanding of security;
- Identify cyber threats and risks;
- Set up a Risk Register;
- Identify mitigating controls and assign clear owners;
- Establish assurance frequencies;
- Develop and implement a comprehensive plan to secure the computing network;
- Keep you up-to-date with developments in IT security standards and threats;
- Perform periodical vulnerability tests to find any technical flaws;
- Respond to security breaches and assess their impact;
- Provide user awareness training about information security;
- Communicate information security aspects to the board.