Financial Crime World

Tonga’s Financial Institutions Urged to Enhance Cybersecurity Measures

The Tongan Government has released a comprehensive cybersecurity manual aimed at protecting financial institutions in the country from growing cyber threats. The manual, developed with internationally recognized IT security frameworks in mind, provides strategic and practical guidance on how organizations can safeguard their systems and data.

Target Audience

The manual is targeted at government agencies and private enterprises, with the goal of improving overall security profiles and ICT capabilities across the country. By implementing these measures, financial institutions can reduce the risk of cyber attacks and protect sensitive customer information.

The Cybersecurity Management Process

The cybersecurity management process outlined in the manual involves several key steps:

  • Information Asset Inventory: A critical first step is to identify and categorize an organization’s information assets, including systems, applications, data, and other resources.
  • Risk Scenarios: Security risks are identified, analyzed, and evaluated using a simplified risk scenario method or advanced risk assessment approach.
  • Risk Treatment: All important cyber security risks are managed by selecting and applying protective measures, such as security controls.
  • Security Control Assessment: The effectiveness of these controls is assessed to ensure they are implemented correctly and operating as intended.
  • Monitoring of Cyber Threats: Ongoing monitoring of cyber threats and associated risks enables organizations to take corrective action in response to evolving cybersecurity landscape.

Implementation Guidance

To implement the manual, financial institutions are advised to:

  • Assign a responsible person for information security management
  • Provide necessary resources such as training and funding
  • Support high-level decisions with regular progress updates

By following these guidelines, Tongan financial institutions can enhance their cybersecurity measures and reduce the risk of cyber attacks.