Monetary Authority of Singapore Technology Risk Management Guidelines (MAS-TRMG) Compliance Automation
The Monetary Authority of Singapore (MAS) established the Technology Risk Management Guidelines (TRMG) to promote reasonable assurance of achieving objectives relating to financial reporting, operational control, and compliance for financial institutions (FI). With an increasing scope and complexity of supporting information technology, a MAS-TRMG program is established to provide a robust technology risk management framework to strengthen resiliency, system security, incident response, reliability, and the ability to protect customer financial data. With the variability of risks and diverse activities facing FIs, SIEM technology should augment and streamline compliance objectives, providing forensic evidence, advanced alerts, and correlation. All of this fosters the maturity of the FI’s compliance posture and allows for managing incidents and investigations by collecting and providing forensic evidence from financial systems and supporting networks.
LogRhythm’s MAS-TRMG Compliance Automation Suite provides augmented and direct support of control objectives through pre-bundled Investigations, Alarms, AIE rules, and Reports. Alarms and Reports are automatically associated with the correct in-scope MAS-TRMG log sources. You can then schedule Reports for periodic generation and delivery, or generate them on demand. This assists in delivering appropriate content to audit, IT operations, IT security, and Executive Management. To identify areas of non-compliance in real-time, you can leverage Investigations and Alarms for immediate analysis of activities that impact your FI's in-scope environments. In addition, LogRhythm’s Case Management can utilize the content from the MAS-TRMG Compliance Automation Suite to facilitate incident response activities and remediation. The following sections highlight these module components and provide all content provided within the module.
As FI’s mature in their compliance adherence, LogRhythm’s approach to compliance offers various components that can be utilized and enhanced throughout the lifecycle of the FI’s compliance. The goal is to mature with the FI to bridge the gap between compliance and cyber security programs eventually. Trends in control objectives indicate an increased requirement to address cyber security risks and to establish a robust Incident Response function. With this trend in mind, LogRhythm has developed compliance modules that augment controls based on cyber security risks. LogRhythm’s Case Management is a platform to establish and mature an Incident Response program as a central collection and distribution of forensic data.
This document is divided into the following sections: