Looking Into the Human Factors in Risk Assessment Framework
Equicom CISO Highlights the Need for Banks to Perform Behavioral Risk Assessments
Financial institutions have many risk management frameworks at their disposal but few of them address human behavior risks, which may stem from an employee's information processing or the tools used. Assessments of these risks often lack depth, said Rei Nikolai Magnaye, CISO at Equicom Savings Bank in the Philippines.
"When it comes to human behavior, I have not seen much assessment, particularly in risk assessment, identification of risks and analysis and treatment of risks," Magnaye said.
Assessing human behavior in risk management requires understanding the psychological elements that influence decision-making and risk perception. Implementing training programs and behavioral assessments can help manage these human-related risks alongside technical controls, he said.
Magnaye said financial institutions should follow the Fogg Behavior Model - which says motivation, ability and a prompt are the requirements for a behavior to happen - to assess human risks.
In this video interview with Information Security Media Group, Magnaye discussed:
- How to choose the right risk management framework;
- The importance of considering human behavior risks;
- How to communicate behavior risks to the organization.
Magnaye has more than 14 years of experience in cybersecurity. He drives companies involved in healthcare and medical services, information technology, banking and finance, insurance and HMO to meaningfully uplift their capability, maturity and adherence to best practices and management system standards.