Proposal for a common categorisation of IT incidents

The Bank of Italy today publishes 'Proposal for a common categorisation of IT incidents', the sixth issue of the series 'Markets, infrastructures, payment systems'.

This paper presents the proposal for a common categorisation of malicious cyber incidents (cyber‑attacks) and other information technology (IT) incidents formulated by ten financial authorities that are members of the G-7 Cyber Expert Group (CEG) and that represent six of the G-7 jurisdictions.

The aim of the proposal is to promote the harmonisation of the various incident reports that authorities require from financial institutions by defining common principles and developing a common taxonomy for incident reporting. The adoption of these common principles and taxonomy should make incident reporting more robust and effective by facilitating a common understanding of incidents, the sharing of information, and the joint management of IT cross-border crises.