On 25 August 2020, the Commission de Surveillance du Secteur Financier (CSSF) published Circular 20/750 on requirements regarding information and communication technology (ICT) and security risk management, implementing in Luxembourg the EBA Guidelines on ICT and security risk management.
This circular came into force on 25 August, and is therefore directly applicable. An important part of this circular concerns Logical Security. This topic includes numerous best practices related to Identity and Access Management (IAM, IAG) and Privilege Access Management (PAM).
During our webinar, Jean-Hubert Antoine (CISO and Senior Manager at Grant Thornton Luxembourg), in collaboration with our partner Grabowsky (represented by Désiré Noël), presented the key points to focus on to ensure a sufficient level of compliance on the Logical Security side.
Missed the webinar on this topic? Find below the key question raised during this webinar!
The CSSF Circular 20/750 is composed of many sections, and therefore seems to be a long way to comply with it. Are there any quick wins or easy ways to reach a satisfying level of compliance quite quickly?
A mandatory requirement of the circular is the definition of the ICT and security objectives and strategy and its alignment with the business objectives. We usually need a few hours to set that up with our customers. This is a nice quick win to start with. Another one is to set up a Security/Risk Committee to ensure the mandatory management review.
Are you keen to know more about this topic?
Speak to Jean-Hubert Antoine or to our business partner Désiré Noël to get more information on how to comply with the CSSF Circular 20/750.