OSFI Light Assessment


The OSFI controls framework sets out desirable properties and characteristics of cyber security practices that could be considered by a Federally Regulated Financial Institution (FRFI) when assessing the adequacy of its cyber security framework and when planning enhancements to its framework. FRFIs are encouraged to reflect the current state of cyber security practices in their assessments rather than their target state and consider cyber security practices on an enterprise-wide basis.

LCM’s OSFI Assessment compares the FRFI’s current security state against the OSFI Framework, rating its current degree of maturity on a 1 to 4 scale.


APPROACH TO OSFI LIGHT ASSESSMENT

LCM’s methodology for the OSFI Light Assessment is based on the OSFI Framework. It compares the current state of security at the organization with the areas covered in the Framework. Not every missing control will need to be implemented; this will vary depending on budget, resource availability and the control's applicability to the business. A maturity rating is applied to show how well the existing controls have been implemented.

LCM recommends that this assessment be completed in six phases:

  1. Review the OSFI Framework

  2. Kick-off Meeting & Data Gathering

  3. Analyze All Gathered Data and Information

  4. Prepare Documentation

  5. Draft Review

  6. Final Submission of Deliverables

The following areas are covered by the OSFI Framework and are evaluated during LCM’s assessment process.

OSFI Areas of Control:

  1. Organization and Resources

  2. Cyber Risk and Control Assessment

  3. Situational Awareness

  4. Threat and Vulnerability Risk Management

  5. Cyber Security Incident Management

  6. Cyber Security Governance

OSFI LIGHT ASSESSMENT DELIVERABLES

Three documents will be created as a result of our activities:

  • Gap Summary: Including executive summary and a list of identified gaps and recommendations.

  • Cybersecurity Strategy Roadmap: Aligned with the OSFI Framework.

  • Implementation Plan: Mapped to the roadmap, including high-level activities, required resources (people), time estimates to complete, tools/technologies where appropriate, priority, and recommended order of implementation.

OSFI LIGHT ASSESSMENT DELIVERY TEAM

Lead Assessor: A seasoned Information Security expert with over 10 years of professional experience in the industry, possessing various certifications and a degree in information security. The assessor has conducted numerous OSFI assessments for customers of various sizes across North America.

Virtual CISO: An Information Technology leader with over 20 years of experience in Cyber Security consulting and Managed Security Services, with CISA and CRISC certifications.

Report Writers: Will develop final reports based on the findings of the assessment.
