TIBER, Threat Intelligence-Based Ethical Red teaming, is a binding framework developed by the European Central Bank to create resilience in the financial industry and achieve EU-wide standardization and mutual recognition of cyber tests. The regulatory framework complements other security standards that have not worked effectively enough – they have failed to reduce the amount of cyber-driven crime in the industry.
The framework is dynamic and focuses on gap analyses between the assets of the financial entity and relevant protection against the potential attacker. TIBER is driven by both the information value in the systems and the criticality of the systems themselves. Our work with TIBER is based on two parts: threat and intelligence analysis (threat intelligence) and intelligence-based penetration tests (red teaming).
Throughout the process, we work closely with the customer's White Team, which together with our consultants ensures that all phases of the TIBER test are conducted in a controlled manner and do not expose the customer to unnecessary risks. Sweden’s central bank (Riksbank) also participates in the White Team.
Quick facts
- Binding for the entire financial sector
- Focus on the information in the systems
- Threat and intelligence analysis
- Red Team tests
- Create safeguards