SIGS Roundtable Discussion

How to implement Circular 2008/21 Operational Risks Banks, Principle 4: Technological Infrastructure – article by article


Target Audience: Information Security Professionals
CIOs, CISOs, IT managers, security officers, security architects and engineers – all from the end-customer side (ONLY) who are interested in this specific topic

Consultancies, resellers/integrators and vendors are not admitted as participants.

CPE Credits: Earn 3.75 CPE (Continuing Professional Education) credits for attending a SIGS Afterwork Event. Please request a confirmation.

Location: PostFinance AG
Mingerstrasse 20
3030 Bern

Date of Event: 23 January 2019
Language: German or English – depending on the participants

Participation Costs: Free of charge
If there is time and interest, we can also go for lunch together, each at their own expense.


9:00 – 12:00: Points to discuss – moderated by Markus Siffert, Risk, Security & Compliance Manager at PostFinance AG

IT Risks

  • What measures have you implemented in order to adhere to Principle 4 of Circ. 2008/21 Operational Risks Banks?
  • On which basis did you determine your most significant components of the network infrastructure as well as critical applications and IT infrastructure including interfaces with third parties?
  • How did you ensure that roles, tasks and responsibilities are clearly defined in relation to the critical applications, the associated IT infrastructure, and critical and/or sensitive data and processes?
  • How do you make sure that IT risks are identified and assessed in a systematic manner when performing due diligence reviews, particularly in cases of acquisitions or outsourcing relating to IT services, and with regard to monitoring service provider agreements?
  • What are your measures to increase employees’ awareness of their responsibility to reduce IT risks and to comply with and strengthen IT information security?
  • Have you covered any other aspects in your IT risk management concept?

Cyber Risks

  • Which threats resulting from cyber-attacks have you identified, in particular with regard to critical and/or sensitive data and IT systems?
  • What measures have you implemented or planned, to protect business processes and technology infrastructure against cyber-attacks, in particular with regard to the confidentiality, integrity and availability of critical and / or sensitive data and IT systems?
  • How do you ensure the timely detection and recording of cyber-attacks based on a process for systematic monitoring of the technology infrastructure?
  • How is your response to cyber-attacks designed and implemented? Do your measures rely on normal business procedures and on your business continuity management?
  • Are there procedures to ensure timely restoration of normal business operations following cyber-attacks through appropriate actions?
  • Do you perform vulnerability tests and penetration tests on a regular basis in order to protect critical and/or sensitive data and IT systems from cyber-attacks? Are such tests carried out by qualified personnel and with adequate (internal/external) resources?

12:00 – open: Joint lunch for those who would like to join


This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.


With the registration for this event you accept, that SIGS may use the data entered for its own purposes and may share it for use with its event partners and event sponsors of this platform.
