The Prudential Practice Guide CPG 234 enhances the management of information security for regulated entities. However, some banks still could not meet it until Q1 2020, and they have encountered a series of cyber-attacks recently. To speed up their reporting on system risks and enhance their ability to predict system security compliance levels, we propose an approach to meeting CPG 234 for the banking industry and present a machine learning model that automates the system security compliance process and predicts information security compliance levels. In experiments, we apply Long Short-Term Memory (LSTM) neural networks with an attention mechanism to the model with a dataset. Experimental results show outstanding network performance. The networks are evaluated on validation data, demonstrating the model's predictability. To enable full compliance with CPG 234, we generate system security analytical reports showing where the major system risks lie across the system security life cycle.
Wong, Ka Yee; Wong, Raymond; and Tai, Han, "Learning System Security Compliance for Banking" (2020). PACIS 2020 Proceedings. 193.