Updated version of Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework released

Published: Wednesday, 10 August 2022 07:34

The Australian Council of Financial Regulators has released an updated version of the Cyber Operational Resilience Intelligence-led Exercises framework (CORIE framework v2.0). The CORIE framework was developed to aid preparation and execution of industry-wide financial sector cyber resilience exercises.

All changes made to the framework are within the existing framework structure. Key pillars to the framework, including the gathering of threat intelligence to lead and shape adversary simulations, will remain.

The process for determining the financial institutions to participate in future exercises will take a risk-based approach, and will be conducted in the lead-up to each round of CORIE.

A separate guide for providers of threat intelligence and red teaming services is also available.

What is the Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework?

In December 2020, the Council of Financial Regulators released the Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework to test and demonstrate the cyber maturity and resilience of institutions within the Australian financial services industry. The CORIE framework was tested during a pilot program which ran from late 2020 to late 2021, and involved the participation of multiple financial institutions.

The Council of Financial Regulators

The Council of Financial Regulators (CFR) is the coordinating body for Australia’s main financial regulatory agencies. There are four members – the Australian Prudential Regulation Authority (APRA), the Australian Securities and Investments Commission (ASIC), the Reserve Bank of Australia (RBA) and The Treasury. The Reserve Bank Governor chairs the CFR and the RBA provides secretariat support.