Skip to main content

When it comes to information security in financial services, “The key question for the industry and policymakers is: How do we prioritize and balance risk-mitigation efforts focused on preventing an attack that could damage or destroy a key portion of the financial system’s critical infrastructure against the relatively low frequency to date of impactful attempts of this nature?”

This question was posed by Mark Clancy, DTCC Managing Director and Chief Information Security Officer, in the August 2012 issue of SCMagazine. “However, before this question can be answered, consensus needs to be developed around how critical infrastructure is defined,” Clancy added, stating that the definition must be narrow enough to cover the key components of the infrastructure so that investment in mitigation initiatives is properly focused.

“The Financial Services Sector Coordinating Council (FSSCC) is actively working to develop a process for defining critical infrastructure for the financial sector,” the article continues. “This is a priority because recent federal cyber-crime legislation leaves it to the agencies to make that determination. It is essential that the industry play a leading role in this process to help shape new federal policy.”

SCMagazine, which is published monthly in the U.S. and bimonthly in the U.K., focuses on information and computer security. Written for IT security professionals, the magazine’s print readership is 56,000 and it receives more than 3,495 unique visitors online. @

(To read the full article, visit and search “Clancy.”)