In the face of increasing data protection regulations and cybersecurity threats, Red Team Assessments – simulated cyber-attacks intended to assess a company’s ability to detect and respond in real-world scenarios – have become a key approach for organizations to ensure their cybersecurity controls and processes are fit for purpose.
In the United Kingdom, the Bank of England has been stress testing the cyber defenses of the country’s biggest financial institutions since 2015, with the introduction of the CBEST intelligence-led cyber resilience testing framework. Since then, financial and non-financial regulators worldwide (especially across Europe and Asia) have adopted similar testing frameworks, quickly making the Regulatory Red Teaming approach the gold standard for multiple regulated industries.
As global regulatory pressures continue to intensify, Regulatory Red Teaming as a cybersecurity best practice is extending beyond financial services, with adjacent industries such as telecommunications and government also beginning to adopt this approach. Regulations such as the General Data Protection Regulation (GDPR) will only further drive this type of testing across all industry sectors, as organizations, more than ever, are forced to ask themselves how susceptible they are to being breached.
In this session you will learn:
- Why Red Team testing?
- Common features of the regulatory Red Team schemes already in place (CBEST, TIBER, iCAST, GBEST)
- Understanding nuances and differences between the schemes
- Overview of schemes in development or pilot (ECB/TIBER-XX, TBEST, NBEST)
- Top tips on preparing for your regulatory Red Team test
Who should attend:
- Information security professionals and risk management professionals
Justin Clarke-Salt, Managing Director, Stroz Friedberg, an Aon Company
Gavin Jones, Director, Stroz Friedberg, an Aon Company