IT Examiner School eBook May 2025
Internal Use Only
CRI Profile (Cyber Risk Institute Profile)
DEVELOPED BY THE CYBER RISK INSTITUTE (CRI), THIS PROFILE IS SPECIFICALLY DESIGNED FOR THE FINANCIAL SERVICES SECTOR.
ALIGNS WITH EXISTING REGULATORY EXPECTATIONS, SUCH AS GLBA AND NYDFS 23 NYCRR 500.
PROVIDES A STREAMLINED APPROACH TO RISK ASSESSMENT, MAPPING DIRECTLY TO NIST, ISO, AND FFIEC EXPECTATIONS.
FOCUSES ON CORE CYBERSECURITY DOMAINS: GOVERNANCE, ASSET MANAGEMENT, DATA PROTECTION, THREAT AND VULNERABILITY MANAGEMENT, AND INCIDENT RESPONSE.
ENABLES MORE EFFICIENT REPORTING AND EXAMINATION READINESS.
NIST Cybersecurity Framework (CSF) 2.0
AN UPDATED VERSION OF THE ORIGINAL NIST CSF, FOCUSING ON IMPROVING RISK MANAGEMENT STRATEGIES.
PROVIDES A STRUCTURED APPROACH TO IDENTIFY, PROTECT, DETECT, RESPOND, AND RECOVER.
ENHANCED EMPHASIS ON SUPPLY CHAIN RISK MANAGEMENT AND SECURE SOFTWARE DEVELOPMENT.
ENCOURAGES DEEPER INTEGRATION WITH ORGANIZATIONAL RISK MANAGEMENT AND STRATEGIC OBJECTIVES.
WELL-RECOGNIZED BY REGULATORS AS A ROBUST FRAMEWORK FOR CYBERSECURITY READINESS.