NASAA, TLI To Launch Cybersecurity Training Partnership
NASAA doesn’t launch moon rockets (that’s the other guys). The North American Securities Administrators Association is an international consortium of financial regulators that works toward standardizing financial rules between all 50 U.S. states, Canadian provinces and the states of Mexico. Despite its lack of rockets, NASAA will be launching something pretty important early next year: a partnership with TLI to train examiners in cybersecurity protocols.
Cybersecurity protection is an area that’s becoming more common -- and more complex -- at financial institutions around the world, according to Matthew Vatter of NASAA.
“Most of our examiners know finance, of course,” says Vatter. “They can go in and take a look at bank records, ledger books and business documentation, and tell whether or not the policies and procedures, the checks and balances required by law, are in place. But very few of them have the background needed to assess whether a cybersecurity program or an information security program is in compliance with state law. It’s simply a different skill set.”
As it turns out, getting the proper training for examiners wasn’t a simple matter.
NASAA spent nearly a year looking at existing training modules offered by vendors, but quickly recognized that most of it is too technical to be of use. “Cybersecurity training programs are usually geared toward IT professionals in the field, and include things like pen testing, network monitoring and other very specific IT tasks,” says Vatter. “That’s far more detail than our folks require. So we took a look at organizations that would be able to put together a proprietary program, something customized to our needs.”
After a thorough review, TLI emerged as the best solution. “We saw that TLI was the only entity that could provide a custom solution that’s oriented to the needs of the NASAA member base, and do it in such a way that would be affordable.”
That’s where TLI’s Arun Kothanath comes in. Arun is developing a series of 12 training modules to get NASAA examiners up to speed on cybersecurity protocols and employee cybersecurity training programs. According to Vatter, the modules allow for online training to take place at the examiner’s own pace.
As a result of the course, examiners will have a much clearer idea of how well financial companies are complying with cybersecurity laws and best practices. They will understand how the network within an organization works and how controls for oversight are used, as well as some of the vocabulary around the tools used for network monitoring, incident response and tracking network traffic.
They'll also be able to see and understand what tools the organization has in place and the laws that they're supposed to be following – and if the programs in place are sufficient to protect consumers.
NASAA employees will begin taking the training modules in January 2023. The modules are designed to be quickly updated as laws and protocols change, or to be adapted for use by other regulatory entities in the future.