G20 develops cyber lexicon to help beat cyber risks

July 02, 2018
Chris Wheal

The Financial Stability Board (FSB) has drawn up a draft cyber lexicon as one tool in its arsenal to tackle threats to cyber security and cyber resilience on a global scale. Terms such as "social engineering", "tactics, techniques and procedures" (TTPs) and "threat actor" may now all become part of a common core lexicon.


The draft lexicon is currently published as a consultative document and is open for comment. It is part of a drive by G20 finance ministers and central bank governors to address cyber crime, which could have disastrous effects on financial systems at both country and international levels. Think of the 2017 WannaCry ransomware attack, which infected more than 250,000 computer systems in 150 countries, and the Equifax hacking incident, which affected the accounts of over 146 million people.

The FSB undertook a stocktaking initiative that reviewed current regulations and supervisory practices in G20 countries, along with existing international guidance, to identify effective practices. Since it delivered its report in October 2017, the FSB has moved forward with a request by the international forum to develop a lexicon that would support cross-border work to protect financial stability and prevent cyber crime.

Bringing deeper meaning

The objective of the cyber lexicon is to support the work of standard-setting bodies (SSBs), the private sector and state authorities, among others. The FSB lexicon is neither meant to be comprehensive in its coverage of technical terms related to cyber security or cyber resilience, nor intended for legal or contract use. However, the lexicon will facilitate:

  • Cross-sector common understanding of relevant cyber security and cyber resilience terminology
  • Work to assess and monitor financial stability risks of cyber risk scenarios
  • Information sharing as appropriate
  • Work by the FSB and/or SSBs to provide guidance related to cyber security and cyber resilience, including identifying effective practices

Some of the common definitions may seem fairly banal, but in the world of cyber security they have deeper connotations and meanings, as the lexicon makes clear. A few highlights are:

  • Alert: Notification that a specific attack or threat has been directed at an organisation’s information systems
  • Campaign: A grouping of adversarial behaviours that describes a set of malicious activities that occur over a period of time against a specific set of targets
  • Cyber Hygiene: A set of practices for managing the most common and pervasive cyber risks faced by organisations
  • Red Team Exercise: An exercise, reflecting real world conditions, that is conducted as a simulated adversarial attempt to compromise organisational activities and/or business processes to provide an assessment of the security capability of the information system and organisation
  • Social Engineering: A general term for trying to deceive people into revealing confidential information or performing certain actions

 

Post written by Chris Wheal
Chris Wheal is editor of OpenLedger's news and features service. An award-winning business journalist himself, he runs a team of freelance journalists from across the UK and North America.
