CybeRisk Management in Banks: An Italian Case Study
<!DOCTYPE html> <html lang="en" dir="ltr"> <head> <!-- Google tag (gtag.js) --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-P63WKM1TM1"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-P63WKM1TM1'); </script> <!-- Yandex.Metrika counter --> <script type="text/javascript" > (function(m,e,t,r,i,k,a){m[i]=m[i]||function(){(m[i].a=m[i].a||[]).push(arguments)}; m[i].l=1*new Date(); for (var j = 0; j < document.scripts.length; j++) {if (document.scripts[j].src === r) { return; }} k=e.createElement(t),a=e.getElementsByTagName(t)[0],k.async=1,k.src=r,a.parentNode.insertBefore(k,a)}) (window, document, "script", "https://mc.yandex.ru/metrika/tag.js", "ym"); ym(55165297, "init", { clickmap:false, trackLinks:true, accurateTrackBounce:true, webvisor:false }); </script> <noscript><div><img src="https://mc.yandex.ru/watch/55165297" style="position:absolute; left:-9999px;" alt="" /></div></noscript> <!-- /Yandex.Metrika counter --> <!-- Matomo --> <!-- End Matomo Code --> <title>CybeRisk Management in Banks: An Italian Case Study</title> <meta name="description" content="CybeRisk Management in Banks: An Italian Case Study"> <meta name="keywords" content="Bank, CybeRisk, information technology, risk management."> <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=no"> <meta charset="utf-8"> <meta name="citation_title" content="CybeRisk Management in Banks: An Italian Case Study"> <meta name="citation_author" content="E. Cenderelli"> <meta name="citation_author" content="E. Bruno"> <meta name="citation_author" content="G. Iacoviello"> <meta name="citation_author" content="A. 
Lazzini"> <meta name="citation_publication_date" content="2014/01/01"> <meta name="citation_journal_title" content="International Journal of Economics and Management Engineering"> <meta name="citation_volume" content="14"> <meta name="citation_issue" content="1"> <meta name="citation_firstpage" content="59"> <meta name="citation_lastpage" content="65"> <meta name="citation_pdf_url" content="https://publications.waset.org/10011007/pdf"> <link href="https://cdn.waset.org/favicon.ico" type="image/x-icon" rel="shortcut icon"> <link href="https://cdn.waset.org/static/plugins/bootstrap-4.2.1/css/bootstrap.min.css" rel="stylesheet"> <link href="https://cdn.waset.org/static/plugins/fontawesome/css/all.min.css" rel="stylesheet"> <link href="https://cdn.waset.org/static/css/site.css?v=150220211555" rel="stylesheet"> </head> <body> <header> <div class="container"> <nav class="navbar navbar-expand-lg navbar-light"> <a class="navbar-brand" href="https://waset.org"> <img src="https://cdn.waset.org/static/images/wasetc.png" alt="Open Science Research Excellence" title="Open Science Research Excellence" /> </a> <button class="d-block d-lg-none navbar-toggler ml-auto" type="button" data-toggle="collapse" data-target="#navbarMenu" aria-controls="navbarMenu" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="w-100"> <div class="d-none d-lg-flex flex-row-reverse"> <form method="get" action="https://waset.org/search" class="form-inline my-2 my-lg-0"> <input class="form-control mr-sm-2" type="search" placeholder="Search Conferences" value="" name="q" aria-label="Search"> <button class="btn btn-light my-2 my-sm-0" type="submit"><i class="fas fa-search"></i></button> </form> </div> <div class="collapse navbar-collapse mt-1" id="navbarMenu"> <ul class="navbar-nav ml-auto align-items-center" id="mainNavMenu"> <li class="nav-item"> <a class="nav-link" href="https://waset.org/conferences" title="Conferences in 
2024/2025/2026">Conferences</a> </li> <li class="nav-item"> <a class="nav-link" href="https://waset.org/disciplines" title="Disciplines">Disciplines</a> </li> <li class="nav-item"> <a class="nav-link" href="https://waset.org/committees" rel="nofollow">Committees</a> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="#" id="navbarDropdownPublications" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> Publications </a> <div class="dropdown-menu" aria-labelledby="navbarDropdownPublications"> <a class="dropdown-item" href="https://publications.waset.org/abstracts">Abstracts</a> <a class="dropdown-item" href="https://publications.waset.org">Periodicals</a> <a class="dropdown-item" href="https://publications.waset.org/archive">Archive</a> </div> </li> <li class="nav-item"> <a class="nav-link" href="https://waset.org/page/support" title="Support">Support</a> </li> </ul> </div> </div> </nav> </div> </header> <main> <div class="container mt-4"> <div class="row"> <div class="col-md-9 mx-auto"> <form method="get" action="https://publications.waset.org/search"> <div id="custom-search-input"> <div class="input-group"> <i class="fas fa-search"></i> <input type="text" class="search-query" name="q" placeholder="Author, Title, Abstract, Keywords" value=""> <input type="submit" class="btn_search" value="Search"> </div> </div> </form> </div> </div> <div class="row mt-3"> <div class="col-sm-3"> <div class="card"> <div class="card-body"><strong>Commenced</strong> in January 2007</div> </div> </div> <div class="col-sm-3"> <div class="card"> <div class="card-body"><strong>Frequency:</strong> Monthly</div> </div> </div> <div class="col-sm-3"> <div class="card"> <div class="card-body"><strong>Edition:</strong> International</div> </div> </div> <div class="col-sm-3"> <div class="card"> <div class="card-body"><strong>Paper Count:</strong> 33093</div> </div> </div> </div> <div class="card publication-listing mt-3 mb-3"> <h5 
class="card-header" style="font-size:.9rem">CybeRisk Management in Banks: An Italian Case Study</h5> <div class="card-body"> <p class="card-text"><strong>Authors:</strong> <a href="https://publications.waset.org/search?q=E.%20Cenderelli">E. Cenderelli</a>, <a href="https://publications.waset.org/search?q=E.%20Bruno"> E. Bruno</a>, <a href="https://publications.waset.org/search?q=G.%20Iacoviello"> G. Iacoviello</a>, <a href="https://publications.waset.org/search?q=A.%20Lazzini"> A. Lazzini</a> </p> <p class="card-text"><strong>Abstract:</strong></p> <p>The financial sector is exposed to the risk of cyber-attacks like any other industrial sector. Furthermore, the topic of CybeRisk (cyber risk) has become particularly relevant given that Information Technology (IT) attacks have increased drastically in recent years and cannot be stopped by single organizations, so they require a response at international and national level. IT risk is never a matter purely for the IT manager, although the IT manager clearly plays a key role. A bank's risk management function requires a thorough understanding of the evolving risks as well as the tools and practical techniques available to address them. In response to the requirements of European and national legislation regarding CybeRisk in the financial system, banks are therefore called upon to strengthen the operational model for CybeRisk management. This will require a significant change, with closer collaboration with the structures that deal with information security, in order to develop an ad hoc system for the evaluation and control of this type of risk. The aim of the work is to propose a framework for the management and control of CybeRisk that will bridge the gap in the literature regarding the understanding and consideration of CybeRisk as an integral part of business management. 
The IT function plays a major role in the management of CybeRisk, which is perceived mainly as an operational risk, although risk management shows a positive tendency towards identifying CybeRisk assessment methods that are increasingly complete, quantitative and able to better describe the possible impacts on the business. The paper provides answers to the following research questions: Is it possible to define a CybeRisk governance structure able to support the comparison between risk and security? How can the relationships between IT assets be integrated into a CybeRisk assessment framework to guarantee a system of protection and risk control? From a methodological point of view, this research uses a case study approach. The choice of “Monte dei Paschi di Siena” was determined by the specific features of one of Italy’s biggest lenders. An intensive research strategy was chosen: an in-depth study of reality. The case study methodology is an empirical approach for exploring a complex and current phenomenon that develops over time. The use of cases also has the advantage of allowing a deeper examination of the "how" and "why" of contemporary events, over which the scholar has little control. The research is based on quantitative data and qualitative information obtained through semi-structured, open-ended interviews and questionnaires addressed to directors, members of the audit committee, risk, IT and compliance managers, and those responsible for the internal audit function and anti-money laundering. 
The added value of the paper can be seen in the development of a framework based on a mapping of IT assets from which it is possible to identify their relationships for purposes of a more effective management and control of cyber risk.</p> <iframe src="https://publications.waset.org/10011007.pdf" style="width:100%; height:400px;" frameborder="0"></iframe> <p class="card-text"><strong>Keywords:</strong> <a href="https://publications.waset.org/search?q=Bank" title="Bank">Bank</a>, <a href="https://publications.waset.org/search?q=CybeRisk" title=" CybeRisk"> CybeRisk</a>, <a href="https://publications.waset.org/search?q=information%20technology" title=" information technology"> information technology</a>, <a href="https://publications.waset.org/search?q=risk%20management." title=" risk management."> risk management.</a> </p> <p class="card-text"><strong>Digital Object Identifier (DOI):</strong> <a href="https://doi.org/10.5281/zenodo.3669180" target="_blank">doi.org/10.5281/zenodo.3669180</a> </p> <a href="https://publications.waset.org/10011007/cyberisk-management-in-banks-an-italian-case-study" class="btn btn-primary btn-sm">Procedia</a> <a href="https://publications.waset.org/10011007/apa" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">APA</a> <a href="https://publications.waset.org/10011007/bibtex" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">BibTeX</a> <a href="https://publications.waset.org/10011007/chicago" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">Chicago</a> <a href="https://publications.waset.org/10011007/endnote" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">EndNote</a> <a href="https://publications.waset.org/10011007/harvard" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">Harvard</a> <a href="https://publications.waset.org/10011007/json" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">JSON</a> <a href="https://publications.waset.org/10011007/mla" 
target="_blank" rel="nofollow" class="btn btn-primary btn-sm">MLA</a> <a href="https://publications.waset.org/10011007/ris" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">RIS</a> <a href="https://publications.waset.org/10011007/xml" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">XML</a> <a href="https://publications.waset.org/10011007/iso690" target="_blank" rel="nofollow" class="btn btn-primary btn-sm">ISO 690</a> <a href="https://publications.waset.org/10011007.pdf" target="_blank" class="btn btn-primary btn-sm">PDF</a> <span class="bg-info text-light px-1 py-1 float-right rounded"> Downloads <span class="badge badge-light">1429</span> </span> <p class="card-text"><strong>References:</strong></p> <br>[1] Clusit - Associazione Italiana per la Sicurezza Informatica, Rapporto Clusit 2018 sulla sicurezza ICT in Italia, 2018 <br>[2] J. G. March, and Z. Shapira, “Managerial perspectives on risk and risk taking,” Management science, Vol. 33, no 11, pp. 1404-1418, 1987. <br>[3] K.J Arrow, Aspects of the Theory of Risk Bearing. Helsinki: Yrjo Jahnssonis Saatio, 1965. <br>[4] J. W. Pratt, “Risk Aversion in the Small and in the Large,” Econometrica, Vol. 32, pp. 122-136, 1964. <br>[5] G. Bansal, “Distinguishing between Privacy and Security Concerns: An Empirical Examination and Scale Validation,” Journal of Computer Information Systems, Vol. 57, pp. 330-343, 2017. <br>[6] D. L. Goodhue, and D. W. Straub, “Security concerns of system users: a study of perceptions of the adequacy of security,” Information & Management, Vol. 20, no. 1, pp. 13-27, 1991. <br>[7] A. Mukhopadhyay, D. Saha, B. B. Chakrabarti, A. Mahanti, and A. Podder, “Insurance for Cyber-risk: A Utility Model Decision,” Decision Support Systems , Vol. 32, no. 1, pp. 153-169, 2005. <br>[8] H. Öğüt, S. Raghunathan, N. 
Menon, “Cyber security risk management: public policy implications of correlated risk, imperfect ability to prove loss, and observability of self-protection,” Risk Analysis, Vol. 31, no. 3, pp. 497–512, 2010. <br>[9] CPMI-IOSCO, Guidance on cyber resilience for financial market infrastructures. Bank for International Settlements and International Organization of Securities Commissions, 2015. <br>[10] N. S. Safa, R. Von Solms, and S. Furnell, “Information security policy compliance model in organizations,” Computers & Security, Vol. 56, pp. 70-82, 2016. <br>[11] C. Biener, M. Eling, and J.H. Wirfs, “Insurability of Cyber Risk: An Empirical Analysis,” Working Paper of Finance, University of St. Gallen, no. 3, 2015. <br>[12] Deloitte, Modelli di governance dei rischi cyber e raccomandazioni di sviluppo per le aziende. Milano 2016. <br>[13] J. L. Hieb, “Cyber security risk assessment for SCADA and DCS networks,” ISA Transactions, Vol. 46, pp. 583-594, 2007. <br>[14] A. Hoffmann, and H. Ramaj, “Interdependent risk networks: the threat of cyber attack,” International Journal of Management and Decision Making, Vol. 11, no. 5/6, pp. 312-323, 2011. <br>[15] K. S. Hong, Y. P Chi, L. R. Chao, J. H. Tang, “An integrated system theory of information security management,” Information Management & Computer Security, Vol. 11, no. 5, pp. 243-248, 2003. <br>[16] P. Ifinedo, D. Olsen, “An Empirical Research on the Impacts of organisational decisions’ locus, tasks structure rules, knowledge, and IT function’s value on ERP system success,” International Journal of Production Research, Vol. 53, no. 8, pp. 2554-2568, 2015. <br>[17] R. Keyun, “Introducing cybernomics: A unifying economic framework for measuring cyber risk,” Computers & Security, no. 65, pp. 77–89, 2017. <br>[18] National Institute of Standards and Technology, Framework for Improving Critical Infrastructure Cybersecurity. 2017. www.nist.gov/cyberframework <br>[19] J. F. V. Niekerk, R. V. 
Solms, “Information security culture: a management perspective,” Computers & Security, Vol. 17, pp. 476-486, 2010. <br>[20] PricewaterhouseCoopers, Enhancing business resilience: Transforming Cyber risk management through the role of the Chief Risk Officer (CRO). 2015. www.pwc.com/financialservices <br>[21] H. Stewart, J. Jürjens, “Information security management and the human aspect in organizations,” Information & Computer Security, Vol. 25, no. 5, pp. 494-534, 2017. <br>[22] S. Kaplan, B. J. Garrick, “On the quantitative definition of risk,” Risk Analysis, Vol. 1, no 1, pp. 11–27, 1981. <br>[23] S. Hoo, How much is enough? A risk-management approach to computer security. CA: Stanford University, 2000. <br>[24] NIST, Risk management guide for information technology systems. National Institute of Standards and Technology (NIST). 2002. <br>[25] Z. Ramadan, “The gamification of trust: the case of China’s ‘social credit’,” Marketing Intelligence & Planning, Vol. 36, no. 1, pp. 93-107, 2018. <br>[26] M.C. Arcuri, M. Brogi, and G. Gandolfi, “Ciber risk in the financial industry, the market reactions,” Bancaria, Vol. 4, pp. 35-49, 2017. <br>[27] A. Abbott, Methods of Discovery: Heuristics for the Social Sciences. New York: W.W. Norton, 2004. <br>[28] Commissione Europea, Resilienza, deterrenza e difesa: verso una ciber sicurezza forte per l’UE. Comunicazione congiunta al parlamento europeo e al consiglio, 13 dicembre 2017. <br>[29] EBA (a), Risk Dashboard data as of Q2 2017. European Banking Authority, 2017. <br>[30] EBA (b), Guidelines on ICT Risk Assessment under the Supervisory Review. European Banking Authority, 2017. <br>[31] G7 (a), Fundamental elements of cybersecurity for the financial sector. ottobre 2016 <br>[32] G7 (b), Fundamental elements for effective assessment of cybersecurity for the financial sector. ottobre 2017. <br>[33] Banca d'Italia (d), Disposizioni di Vigilanza per le banche, to the 16th update of 285/13. Banca d’Italia, 2013. 
<br>[34] Banca d'Italia (b), Linee guida per la definizione di una metodologia di analisi del rischio informatico e di un processo di gestione del rischio informatico. Support Project adjustment to the 15th update of 263/06 - new information technology and business continuity – September 2014. <br>[35] Banca d'Italia (c), Policy di Metodologia di analisi del rischio Informatico, Risk Analysis methodology - Support Project adjustment to the 15th update of 263/06 - new information technology and business continuity - January 2014. <br>[36] Banca d'Italia (a), Nuove disposizioni di vigilanza prudenziale per le banche. Circolare n. 263 del 27 novembre 2016, www.bancaditalia.it <br>[37] EBA (c), Guidelines on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2). European Banking Authority, 2017. <br>[38] CIS Sapienza and CINI, Italian Cyber Security Report. Un report nazionale per la cyber security. Roma 2015, www.cybersecurityreport.com </div> </div> </div> </main> <footer> <div id="infolinks" class="pt-3 pb-2"> <div class="container"> <div style="background-color:#f5f5f5;" class="p-3"> <div class="row"> <div class="col-md-2"> <ul class="list-unstyled"> About <li><a href="https://waset.org/page/support">About Us</a></li> <li><a href="https://waset.org/page/support#legal-information">Legal</a></li> <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/WASET-16th-foundational-anniversary.pdf">WASET celebrates its 16th foundational anniversary</a></li> </ul> </div> <div class="col-md-2"> <ul class="list-unstyled"> Account <li><a href="https://waset.org/profile">My Account</a></li> </ul> </div> <div class="col-md-2"> <ul class="list-unstyled"> Explore <li><a href="https://waset.org/disciplines">Disciplines</a></li> <li><a href="https://waset.org/conferences">Conferences</a></li> <li><a href="https://waset.org/conference-programs">Conference Program</a></li> <li><a 
href="https://waset.org/committees">Committees</a></li> <li><a href="https://publications.waset.org">Publications</a></li> </ul> </div> <div class="col-md-2"> <ul class="list-unstyled"> Research <li><a href="https://publications.waset.org/abstracts">Abstracts</a></li> <li><a href="https://publications.waset.org">Periodicals</a></li> <li><a href="https://publications.waset.org/archive">Archive</a></li> </ul> </div> <div class="col-md-2"> <ul class="list-unstyled"> Open Science <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/Open-Science-Philosophy.pdf">Open Science Philosophy</a></li> <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/Open-Science-Award.pdf">Open Science Award</a></li> <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/Open-Society-Open-Science-and-Open-Innovation.pdf">Open Innovation</a></li> <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/Postdoctoral-Fellowship-Award.pdf">Postdoctoral Fellowship Award</a></li> <li><a target="_blank" rel="nofollow" href="https://publications.waset.org/static/files/Scholarly-Research-Review.pdf">Scholarly Research Review</a></li> </ul> </div> <div class="col-md-2"> <ul class="list-unstyled"> Support <li><a href="https://waset.org/page/support">Support</a></li> <li><a href="https://waset.org/profile/messages/create">Contact Us</a></li> <li><a href="https://waset.org/profile/messages/create">Report Abuse</a></li> </ul> </div> </div> </div> </div> </div> <div class="container text-center"> <hr style="margin-top:0;margin-bottom:.3rem;"> <a href="https://creativecommons.org/licenses/by/4.0/" target="_blank" class="text-muted small">Creative Commons Attribution 4.0 International License</a> <div id="copy" class="mt-2">© 2024 World Academy of Science, Engineering and Technology</div> </div> </footer> <a href="javascript:" id="return-to-top"><i class="fas 
fa-arrow-up"></i></a> <div class="modal" id="modal-template"> <div class="modal-dialog"> <div class="modal-content"> <div class="row m-0 mt-1"> <div class="col-md-12"> <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">×</span></button> </div> </div> <div class="modal-body"></div> </div> </div> </div> <script src="https://cdn.waset.org/static/plugins/jquery-3.3.1.min.js"></script> <script src="https://cdn.waset.org/static/plugins/bootstrap-4.2.1/js/bootstrap.bundle.min.js"></script> <script src="https://cdn.waset.org/static/js/site.js?v=150220211556"></script> <script> jQuery(document).ready(function() { /*jQuery.get("https://publications.waset.org/xhr/user-menu", function (response) { jQuery('#mainNavMenu').append(response); });*/ jQuery.get({ url: "https://publications.waset.org/xhr/user-menu", cache: false }).then(function(response){ jQuery('#mainNavMenu').append(response); }); }); </script> </body> </html>