Clear definition of the business objectives and the scope
The financial sector in Israel, for whom the committee's work applied, was defined as the tree regulators, their regulated entities and all non-regulated organization critical for meeting the service goals enunciated by the regulators
Process analysis approach
Instead of thinking in terms of protecting the participating organizations, the committee chooses to look at what "needs to be done" and the supporting processes. That way, we were able to focus on Israel's best interests.
Mapping & analyzing the Critical processes
Defining the threat landscape
Protecting a process is a wide goal that must be broken down to smaller components in order to define a specific course of action. Hence, the committee took the time to identify the assets composing and supporting each critical process. These assets will become the subjects of our protection.
Now that we know what we are protecting we must recognize the threats to it in terms of their nature, the risks they pose and the likelihood the threat will materialize.
Performing an evaluation of possible scenarios and their impact on the financial sector and the potential damage they can inflict to it, taking into account the measures already taken by the government, the regulators and the organizations themselves to prevent or minimize the impact of such scenarios taking place.
As a part of defining the desired approach to mitigating the risks the financial system faces, the committee recommended the foundation of three new bodies: Financial Cyber & Continuity Center, Guidance Unit for the Financial Supply Chain, a financial forum of decision-makers that will steer the financial system in a time of crisis.