Abstract

While the critical infrastructures of financial institutions encapsulate both physical and cyber assets, their security is regarded in isolation from one another making financial institutions vulnerable to attacks against their physical and cyber assets. Drawing on an analysis of the needs of financial institutions, this Chapter proposes the FINSEC Reference Architecture (RA). The FINSEC RA aims at addressing the cyber-physical integration, the collaboration of stakeholders in the financial sector, the regulations and recommendations, the low level of automation at probes and platform/services level, and the lack of flexibility in front of a wide range of threats. The proposed architecture accounts for the regulations and recommendations applicable to the financial security sector, and considers relevant recommendations from standards development organizations such as ENISA. The Chapter reflects on the methodology adopted for building the RA and presents the schema of the RA including its structure tiers and building blocks corresponding to the different functionalities of FINSEC platform.