CBEST

Working alongside the UK central bank, the Bank of England (BoE), CREST has developed a framework to deliver controlled, bespoke, intelligence-led cyber security tests. These tests replicate the behaviours of threat actors that Government and commercial intelligence providers assess as posing a genuine threat to systemically important financial institutions. CBEST is the first initiative of its type to be led by any of the world's central banks.

CBEST differs from other security testing currently undertaken by the financial services sector because it is threat intelligence based, is less constrained and focuses on the more sophisticated and persistent attacks against critical systems and essential services. The inclusion of specific cyber threat intelligence ensures that the tests replicate the evolving threat landscape as closely as possible and therefore remain relevant and up to date.

CREST helped to develop the new accreditation standards for CBEST penetration testing, based on the already stringent standards for assessing the capabilities, policies and procedures that CREST member companies have to meet. CBEST accredited professionals also need to demonstrate extremely high levels of technical knowledge, skill and competency.

BENEFITS TO THE FINANCIAL SECTOR

  • access to advanced and detailed cyber threat intelligence;
  • access to knowledgeable, skilled and competent cyber threat intelligence analysts who have a detailed understanding of the financial services sector;
  • realistic penetration tests that replicate sophisticated, current attacks based on current and targeted cyber threat intelligence;
  • access to highly qualified penetration testers who understand how to conduct technically difficult testing activities whilst ensuring that no damage or risk is caused;
  • confidence in the methodologies used by the companies within CBEST for conducting these sophisticated and sensitive tests;
  • confidence that the results, and the information accessed by the testers, will be protected;
  • standard key performance indicators that can be used to assess the maturity of the organisation's ability to detect and respond to cyber attacks;
  • access to benchmark information, through the key performance indicators, that can be used to assess other parts of the financial services industry;
  • a framework that is underpinned by comprehensive, enforceable and meaningful codes of conduct administered by a specialist professional body.

Details of the CREST approved cyber threat intelligence service suppliers and penetration testing companies can be found here. These organisations are described as CREST STAR members so that the scheme can be extended beyond financial services to other parts of the critical national infrastructure.

FURTHER INFORMATION
An introduction to the CBEST framework is available here.

The CBEST Implementation Guide provides an overview of the CBEST Scheme and how it will be implemented with the support of the security services industry. It also provides practical advice on how the services under the CBEST Scheme can be procured. It can be viewed here.

In addition to the documents above, the following are also available under NDA:

CBEST Threat Intelligence Framework: Threat Intelligence Concept of Operations
This document defines best practice standards for the production and consumption of threat intelligence. It is intended to provide CBEST with a foundation for defining and executing intelligence-led cyber threat vulnerability tests in conjunction with accredited suppliers of threat intelligence products and services.

CBEST Threat Intelligence Framework: Qualities of a threat intelligence provider
This document defines a set of qualities that participants should consider when selecting a threat intelligence provider for the purposes of conducting a CBEST test. CBEST stakeholders can use this document to ensure that their chosen threat intelligence provider meets the criteria set out by the programme.

CBEST Threat Intelligence Framework: Threat Model
This document defines an analytical model of cyber threat intelligence in terms of a threat entity's goal orientation, the capabilities it uses to pursue its goals and its modus operandi. The model acts as a common guiding template for conducting a cyber threat assessment, which security testers then use to define a set of realistic, threat-informed cyber attack test scenarios.

Please contact [email protected] for details.