Information Security Management Resources

NIST Cybersecurity Framework

The NIST Cybersecurity Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure through effective information security management.

https://www.nist.gov/cyberframework


FSSCC Automated Cybersecurity Assessment Tool

FS-ISAC collaborated with members of the Financial Services Sector Coordinating Council (FSSCC) on an automated tool to help financial institutions of all sizes collect and score their responses to the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool.

https://www.fsisac.com/article/fsscc-automated-cybersecurity-assessment-tool

ISO 27001 Information Security Framework

ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS), a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process, and can help small, medium and large businesses in any sector keep information assets secure.

https://www.iso.org/isoiec-27001-information-security.html

Securities Industry and Financial Markets Association Small Firm Cyber Checklist

Drawing upon the NIST Cybersecurity Framework, as well as other industry and government resources, SIFMA has composed a guidebook and checklist tailored to small firms.

https://www.sifma.org/resources/general/cybersecurity-guidance-for-small-firms/

Financial Industry Regulatory Authority Cyber Checklist

FINRA has created a checklist to assist small firms in establishing a cybersecurity program.

http://www.finra.org/industry/cybersecurity#checklist