Announcing Singapore MAS Technology Risk Management Dashboard

Tenable is pleased to announce a dashboard designed to assist our Singapore Financial Services Industry customers to comply with the Monetary Authority of Singapore Technology Risk Management Guidelines.

The Monetary Authority of Singapore (MAS) has published a refreshed set of Technology Risk Management (TRM) Guidelines. These TRM Guidelines have a strong regional and global impact, and now affect any organization that can be classified as a Financial Institution (FI), not just banks. Types of organizations impacted include:

• Finance Companies
• Insurance Companies
• Financial Advisers
• Securities Exchanges
• Futures Exchanges
• Clearing Houses

The Guidelines are very broad and impact all IT systems of the FI, not just Internet-facing systems. While the Guidelines are not mandatory, they do provide excellent direction to financial institutions on how to tackle cybersecurity and cyberthreats. The twelve new Notices of the TRM Guidelines, however, do have legal implications – and violations could result in serious penalties being levied against the institution, not to mention damage to the institutions reputation.

How Tenable Can Help

The MAS provides a checklist, containing over 200 items, which provides guidance on how FIs can comply with the TRM Guidelines. Tenable’s vulnerability assessment, auditing and security monitoring technologies are directly applicable to implementing the guidance of this checklist and meeting the objectives of the TRM Guidelines.

Broadly stated, Tenable solutions help:

• Facilitate detailed analysis and compliance testing of infrastructure devices through the Nessus vulnerability scanner
• Facilitate continuous real-time monitoring of infrastructure through passive inspection of network traffic by the Passive Vulnerability Scanner (PVS)
• Allow for the detection and correlation of significant operational events, as reported by network devices, security devices, client devices and server devices by the Log Correlation Engine (LCE)

Tenable has released a dashboard that helps FIs leverage the comprehensive intelligence contained within SecurityCenter Continuous View (SC CV). This dashboard allows FIs to quickly visualize how well they are complying with the regulations imposed by the TRM.

Data points contained within the dashboard include:

• Top 10 Remediations
• Top 10 Exploitable Vulnerabilities
• Top 10 Most Vulnerable Hosts
• Vulnerability Summary by Severity
• Detected Changes over Past 72 Hours
• Active Protection Technologies
• Active Warnings over Past 72 Hours
• Ticket Status Summary
• Compliance Summary – Check Result Ratio

Each of these data points correlates directly to items in the TRM Guidelines. As with any other SecurityCenter dashboard, analysts can “drill down” and immediately find extremely detailed information. Additionally, the dashboards can be customized to meet any unique customer specific requirements.

To learn more about the Guidelines, and a more detailed discussion of how Tenable can help, please download the Tenable paper titled “SecurityCenter Dashboard for the Monetary Authority of Singapore's Technology Risk Management Guidelines”. The paper includes the mapping of MAS TRM Guideline items to the dashboard components. This is just the first part of Tenable’s support for the Singapore TRM. Look for more dashboards and reports coming soon.