The Cyber Risk Institute (CRI) released the Profile v2.0 on February 29, 2024, as the next evolution of a global standard for cyber risk assessment in the financial services sector. For v2.0, the Profile has been expanded to include elements of enterprise technology, third-party risk management, and business continuity to better assess risk management programs in financial institutions (FIs). The CRI Profile v2.0 is also aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) v2.0 and includes the familiar functions of Govern, Identify, Protect, Detect, Respond, and Recover.
To help FIs better manage their cyber compliance programs, the CRI Profile v2.0 harmonizes 2,500+ regulatory expectations into a little over 300 diagnostic statements (essentially control objectives)—an 8X reduction. As a cyber risk assessment tool by and for the financial sector, the Profile may be used as a common baseline for examinations by multiple financial regulators. This allows FIs to deploy their resources more effectively for compliance-related activities, reduces the time needed to reconcile exam issues, and simplifies security oversight with better organization of complex risks.
Palo Alto Networks is part of the CRI Innovators Program and is committed to helping FIs assess and manage their cyber risks. Palo Alto Networks products and services can contribute to an FI's efforts across all seven of the CRI Profile’s Functions, 82% of its Categories, and 71% of its Subcategories.
Download this white paper to learn how Palo Alto Networks offerings map to the various elements of the CRI Profile v2.0 and can help with your cyber risk management program.