The Three Lines of Defense Model
There are expectations from board members, CEOs and senior management at banks to implement robust cybersecurity practices. Cybersecurity no longer is a security risk limited to IT functions of an organization and there is an increasing recognition that it is now an integral part of operational risk management. This paper describes an optimal organizational structure called the “three-line-of-defense” model to implement a robust governance structure for cyber risk management within an organization.
This paper can be cited as: Vivek Srivastava: "The Three Lines of Defense Model," Reserve Bank Information Technology Pvt. Ltd. (2018) www.rebit.org.in