SEACEN-BOJ Course on ICT Risks, including Cybersecurity

Event Code :FS3C-2019
Venue :Vietnam
Host Name :State Bank of Vietnam
Coordinator :Ms. Haslina
Date From :26 Aug 2019
Date To :30 Aug 2019


Banks and other financial institutions (FIs) face multiple Information and Communication Technology (ICT) risks, and the risks are growing as there are more channels through which outside actors can influence FIs’ key systems, including financial technology (FinTech) innovations.  The course reviews the main types of ICT risks:  availability and continuity, security (including cybersecurity), change, data integrity, and outsourcing; and covers the basic components of an ICT risk assessment, to be performed by the FI itself and reviewed by the banking supervisor as part of an ICT risk management examination.  Available techniques to mitigate these risks will also be discussed.  Taking a deeper dive into the troubling area of cybersecurity, the course will cover key cybersecurity risk; FI trends and changing threats, the risk management lifecycle; threat actors, patterns, and tools; common vulnerabilities; people, process, and technology controls; and how to pursue defense-in-depth.


To give the participants a basic understanding of the range of ICT risks, together with programs and tools to identify, measure, monitor, and mitigate or control these risks.  The main emphasis will be on the need for every FI to have an ICT risk management system and for the banking supervisory agency to evaluate that risk management system. 

Target Participants

The course targets bank supervisors who have some experience evaluating the level of banks’ ICT risk and the quality of ICT risk management. Participants should have experience either as supervisors of financial services firms (such as safety-and-soundness examiners or ICT examiners) or have directly worked in a technology-related area in order to gain the most from the course and be able to contribute appropriately to the discussions.