G-7 FUNDAMENTAL ELEMENTS FOR THREAT-LED PENETRATION TESTING

Executive Summary

In light of the increasing sophistication and persistence of cyber risks, which can threaten to disrupt our interconnected global financial systems, the G-7 continues to promote the development of frameworks to enhance public and private sector approaches to strengthening cyber resilience of critical entities in the financial system following its publication in 2016 of the G-7 Fundamental Elements of Cybersecurity for the Financial Sector (“G7FE”). These efforts include steps to ensure strong cyber resilience measures are assessed and evaluated, as highlighted by the G-7 Fundamental Elements for Effective Assessment of Cybersecurity in the Financial Sector (“G7FE-Assessment”), published in 2017. The G7FE-Assessment included components to consider and embed when developing cyber resilience assessment frameworks.

The G-7 Fundamental Elements for Threat-Led Penetration Testing (G7FE-TLPT) provide entities with a guide for the assessment of their resilience against malicious cyber incidents through simulation and a guide for authorities considering the use of Threat-Led Penetration Testing (TLPT) within their jurisdictions. These fundamental elements are intended to complement a wider suite of cyber resilience assessment tools and techniques, and are not meant to be considered as a singular approach.

The core objectives of the G7FE-TLPT are to enhance and assess the cyber resilience of entities and the financial sector more generally, by:

• Providing core elements of and approaches for the conduct of TLPT across G-7 jurisdictions. The G7FE-TLPT aim to facilitate greater compatibility among TLPT approaches, whilst also encouraging flexibility and local tailoring based on the unique markets and regulations within each jurisdiction;
• Providing a guide to authorities considering the use of TLPT within their jurisdiction;
• Providing a guide to entities with respect to conducting their own TLPT assessments; and
• Supporting cross-authority interaction and cross-jurisdictional TLPT for multinational entities, facilitating mutual acceptance of test results.

The G7FE-TLPT seek to drive greater compatibility among TLPT approaches and do not invalidate existing frameworks or prevent their continuous adaptations to the evolving threat landscape.

TLP WHITE: Subject to standard copyright rules, this document may be distributed freely, without restriction.
