Proposal for a Common Categorisation of IT Incidents

Financial Authorities members of the G-7 Cyber Expert Group (CEG), Financial Authorities members of the G-7 Cyber Expert Group (CEG)

Download This Paper

Open PDF in Browser

Add Paper to My Library

Proposal for a Common Categorisation of IT Incidents

Bank of Italy Markets, Infrastructures, Payment Systems Working Paper No. 6

34 Pages Posted: 27 May 2021

See all articles by Financial Authorities members of the G-7 Cyber Expert Group (CEG) Financial Authorities members of the G-7 Cyber Expert Group (CEG)

Financial Authorities members of the G-7 Cyber Expert Group (CEG) Financial Authorities members of the G-7 Cyber Expert Group (CEG)

Independent

Date Written: May 14, 2021

Abstract

This paper presents the proposal for a common categorisation of malicious cyber incidents (cyber‑attacks) and other information technology (IT) incidents formulated by ten financial authorities that are members of the G‑7 Cyber Expert Group (CEG) and that represent six of the G‑7 jurisdictions. The aim of the proposal is to promote the harmonisation of the various incident reports that authorities require from financial institutions by defining common principles and developing a common taxonomy for incident reporting. The adoption of these common principles and taxonomy should make incident reporting more robust and effective by facilitating a common understanding of incidents, the sharing of information, and the joint management of IT cross‑border crises.

Keywords: IT incidents, cyber incidents, operational incidents, taxonomy

JEL Classification: F50, G20, K24, L50

Suggested Citation: Suggested Citation

Financial Authorities members of the G-7 Cyber Expert Group (CEG), Financial Authorities members of the G-7 Cyber Expert Group (CEG), Proposal for a Common Categorisation of IT Incidents (May 14, 2021). Bank of Italy Markets, Infrastructures, Payment Systems Working Paper No. 6, Available at SSRN: https://ssrn.com/abstract=3854999