Cyber Risk Institute updates security ‘profile’ for financial sector, plus new guidance on securing cloud

The financial sector’s Cyber Risk Institute has released an updated version of its cybersecurity “profile,” including new elements such as mapping to NIST’s ransomware guidance and “a reference to cybersecurity time synchronization controls based on best practices,” which the Treasury Department requested to meet requirements under an executive order.

“The CRI Profile connects key cybersecurity control principles to guidance from government agencies and can be updated to address new expectations as they arise,” the group said in a release Friday....