The Financial Supervisory Service will expand the criteria for assessing IT security vulnerabilities at financial firms this year. At the same time, it will carry out surprise inspections to check financial firms' security systems. The Financial Supervisory Service named advance prevention to respond early to IT security risks as a key task this year, and this move follows that policy.
According to the financial authorities on the 11th, the Financial Supervisory Service plans to meet soon with major financial firms and each industry association to discuss expanding the criteria for analyzing and assessing IT security vulnerabilities. Under the Enforcement Decree of the Electronic Financial Transactions Act, financial firms must submit to the financial authorities at least once a year the results of their in-house analysis and assessment of security facility vulnerabilities.
The criteria are supplemented every year, and this year the Financial Supervisory Service is considering further subdividing and increasing the assessment items compared with previous years. It is considering reflecting in detail, starting from basics such as whether each financial firm has an accurate grasp of the scale of its computing equipment. The intent is to strengthen oversight by checking security systems in a fine-grained manner.
Starting this year, the Financial Supervisory Service will also step up on-site inspections to verify whether security systems are being properly operated based on the assessment results submitted by financial firms. Through an organizational reshuffle this year, the Financial Supervisory Service created the Digital Risk Analysis Team within the Digital Finance Bureau. The Digital Risk Analysis Team will be in charge of surprise inspections of financial firms' security conditions. Based on this year's security vulnerability analysis results and on-site inspection findings, the Financial Supervisory Service plans to prepare necessary security reinforcement measures for the financial industry and announce them as guidelines.
The Financial Supervisory Service has made preemptive prevention of security incidents a key task this year. The core is to identify IT risks early and shift to a supervisory and inspection regime focused on prevention. To that end, it will continuously collect security information and establish emergency contact networks with major financial firms. An official at the Financial Supervisory Service said, "Starting this year, we will significantly strengthen the security assessment items for financial firms."