The Financial Services Commission is reviewing a plan to grant chief information security officers (CISOs) at financial companies the authority to view security-related materials from other departments. The aim is to strengthen the influence of CISOs to raise internal security levels at financial firms. The Financial Services Commission has begun discussions to include related provisions in the Digital Financial Security Act, which is currently being pushed forward.

According to the financial authorities on the 30th, the Financial Services Commission (FSC) is reviewing ways to strengthen the authority of financial company CISOs through the Digital Financial Security Act. The core of the plan is a clause in the bill that allows other departments to provide information needed for security inspections. The FSC plans to gather opinions soon by meeting with officials from major financial companies and then submit the plan to the National Assembly.


The Financial Services Commission (FSC) said in February that it would push to enact the Digital Financial Security Act. The key is to allow financial companies to build security systems autonomously while imposing heavy punitive penalty surcharges when an incident occurs. It also includes a provision that the FSC and the Financial Supervisory Service will refer to the results of evaluations of a company's voluntary security system during supervision and inspections.

The Digital Financial Security Act is also expected to include measures to strengthen CISO authority. This follows criticism that financial security tends to be regarded as the sole responsibility of the information security department, resulting in a lack of companywide effort to actively bolster security capabilities.

Legislative discussions to strengthen CISO authority are also underway in the National Assembly. In November, lawmaker Yu Dong-su of the Democratic Party of Korea introduced a partial amendment to the Electronic Financial Transactions Act centered on strengthening CISO authority. It includes provisions requiring the chief executive officer to grant CISOs the substantive authority and responsibility to perform their duties independently and to legally guarantee a two-year term.


Following a string of recent security incidents in the financial sector, the authorities are moving to craft countermeasures. In November, a hacking incident at the virtual asset exchange Upbit led to 44.5 billion won of member assets being leaked externally, and in August, personal information of 2.97 million Lotte Card members was leaked. This month, 190,000 pieces of personal information belonging to Shinhan Card merchants were taken out.

An official at the Financial Services Commission (FSC) said, "We are preparing to include in the Digital Financial Security Act measures to support CISOs so they can make clearer decisions on in-house security matters."
