DFSA | THE INDEPENDENT REGULATOR OF FINANCIAL SERVICES

Supervisory Methodology

In assessing a Firm’s cyber risk systems and controls, the DFSA will consider the Firm’s IT and cyber risk governance, hygiene practices, and the Firm's cyber resilience.

Governance

We focus on Firms’ effectiveness in identifying, mitigating, and monitoring cyber risks. In particular, we will assess:

  • Cyber risk management framework
  • Cyber risk identification and assessment capabilities
  • Board and senior management responsibilities and understanding of cyber risks
  • Third-party cyber risk management
  • IT asset identification and classification
  • Cyber training and awareness campaigns

Hygiene

We focus on the technical controls Firms have implemented to protect their IT systems and the data within them. In particular, we will assess:

  • Anti-malware protection
  • Network security
  • Access controls
  • User access management
  • Remote access and mobile devices
  • Change management
  • Patch management
  • Backup management
  • Encryption
  • Physical security
  • Cyber security testing

Resilience

We focus on Firms’ ability to respond to, recover from, and adapt to cyber incidents. In particular, we will assess:

  • Continuous monitoring and detection capabilities
  • Cyber incident response planning and preparation
  • Cyber incident response and recovery
  • Cyber incident notification
  • Information sharing
