The Office of the Chief Information Security Officer (OCISO) oversees the information and cybersecurity aspects of SBP and its subsidiaries. The Office is responsible for taking strategic actions to ensure the confidentiality, integrity and availability of data and information assets. OCISO develops and maintains the IT Security Strategy, IT Security Policy, underlying security standards, security procedures, and cyber risk management framework, and provides IT security services to IT and Business departments. The Office ensures implementation of risk-based security controls, and assesses the efficacy of the controls infrastructure and its effectiveness through regular risk assessment exercises and software vulnerability assessments.
The Office also hosts the 24 x 7 Information Security Operations Center for monitoring, detecting, and responding to cyber threats using SIEM and Threat Intelligence Systems. OCISO also plays a key role in incorporating cyber security aspects into Business Continuity and Disaster Recovery Plans. Developing a cyber-aware culture within the Bank also falls under OCISO’s domain, and the department has developed and implemented a comprehensive cyber security training and awareness program.
- To implement an effective information security governance structure within the Bank.
- To develop and maintain bank-wide IT Security Policy, Strategy, and Cyber Risk Management Framework.
- To recommend and enhance security controls in IT infrastructure through regular risk and vulnerability assessments.
- To establish and operate a real-time, proactive security monitoring and detection capability for IT infrastructure.
- To enhance cyber security incident response and recovery capabilities.
- To develop and promote a cyber security culture within the Bank.