Warning: Trying to access array offset on value of type bool in /home/levick/www/www/wp-content/plugins/elementor-pro/modules/dynamic-tags/tags/post-featured-image.php on line 36

Warning: Trying to access array offset on value of type bool in /home/levick/www/www/wp-content/plugins/elementor-pro/modules/dynamic-tags/tags/post-featured-image.php on line 36

Warning: Trying to access array offset on value of type bool in /home/levick/www/www/wp-content/plugins/elementor-pro/modules/dynamic-tags/tags/post-featured-image.php on line 36

Warning: Trying to access array offset on value of type bool in /home/levick/www/www/wp-content/plugins/elementor-pro/modules/dynamic-tags/tags/post-featured-image.php on line 36
Cyber Risk Institute Expands Its Profile – LEVICK
Fixing the ImpossiBle
24/7 (202) 973-1300   

Cyber Risk Institute Expands Its Profile


Warning: Trying to access array offset on value of type bool in /home/levick/www/www/wp-content/plugins/elementor-pro/modules/dynamic-tags/tags/post-featured-image.php on line 36

The Cyber Risk Institute (CRI) expanded its offerings for a vital segment of the financial services sector: insurers and the insurance industry.

Washington D.C. — On Nov. 12, 2020, the Cyber Risk Institute (CRI) released an update to its Profile to expand the Profile’s offerings and increase its utility for a vital segment of the financial services industry – insurers and the insurance industry. This Version 1.1 incorporates the National Association of Insurance Commissioners (NAIC) Financial Condition Examiners Handbook (sometimes referred to as the NAIC IT Handbook) updates, particularly updates to its Exhibit C: EVALUATION OF CONTROLS IN INFORMATION TECHNOLOGY (IT). Additionally, Profile v1.1 now includes a full suite of “Informative References” for the functions “Governance” and “Supply Chain/Dependency Management,” better connecting those functions and related diagnostics to widely used industry standards such as ISO, COBIT and NIST 800-53.

CRI Managing Director Josh Magri characterized the release of Version 1.1 as a great “next step” in the development of the Profile. “CRI is always working to improve and amplify the Profile by integrating new elements — but I am especially pleased that for our first update, we are adding guidance which is used across the insurance industry. This clearly demonstrates the flexibility of the Profile, and in certain ways, is a symbol of what is to come: we aren’t limited to one portion of the sector.”

The NAIC Handbook “offers specific instructions and suggestions for carrying out each individual phase of examination” and the inclusion of Exhibit C and amendments in the Profile eases the ability of these users to ensure they’re meeting their cybersecurity and IT requirements. Because NAIC managed this mapping to the Profile directly, the inclusion of the Handbook’s Exhibit C reflects the progressive approach that the NAIC has taken toward supporting industry compliance efforts, and their confidence in the Profile. It also provides Profile users certainty in the matching of the Profile diagnostic statements to regulator intent…Read more

More Posts

There But For the Grace of God Go I

Second in a Series on Risk Management and Communications By Richard Levick “If you don’t stick to your values when they’re being tested, they’re not

Your Very Bad Day

By Joe Stimac This week’s guest columnist is Joe Stimac, CEO of AccuHire and creator of InterviewReady.com. Joe is a research scientist and a sought-after