Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities

Edinson Tavara; Fernando Huamán Monzón; Manuel Tupia

doi:10.1007/978-3-032-10947-7_10

Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities

Edinson Tavara
, Fernando Huamán Monzón
, Manuel Tupia

Sección de Ingeniería Informática

Pontifical Catholic Univ. of Peru

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This study presents a comprehensive guide for cybersecurity and data privacy risk analysis, aimed at strengthening regulatory compliance in Peruvian banking entities. Utilizing the NIST CSF 2.0 and NIST SP 800-37 frameworks, it precisely identifies the set of regulatory obligations as well as the vulnerabilities and threats impacting the information assets of financial institutions. The proposed methodology encompasses everything from risk identification and assessment to the design of specific security controls, enabling entities to anticipate and effectively respond to the ever-changing dynamics of the digital and regulatory environments. The obtained results demonstrate that the implementation of this guide not only optimizes risk management but also serves as a strategic tool to ensure the integrity, confidentiality, and availability of information. In this regard, the study highlights the importance of adopting a proactive and systematic approach that fosters resilience and innovation within the banking sector. This work stands as a significant contribution, offering precise guidelines that encourage institutions to transform their security practices and prepare for the technological challenges of the future.

Original language	English
Title of host publication	Developments and Advances in Defense and Security - Proceedings of MICRADS 2025
Editors	Alvaro Rocha, Ashok Vaseashta, Carlos Hernan Fajardo-Toro, Jose Maria Riola
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	110-122
Number of pages	13
ISBN (Print)	9783032109460
DOIs	https://doi.org/10.1007/978-3-032-10947-7_10
State	Published - 2026
Event	Multidisciplinary International Conference of Research Applied to Defense and Security, MICRADS 2025 - Orlando, United States Duration: 24 Jul 2025 → 26 Jul 2025

Publication series

Name	Smart Innovation, Systems and Technologies
Volume	462 SIST
ISSN (Print)	2190-3018
ISSN (Electronic)	2190-3026

Conference

Conference	Multidisciplinary International Conference of Research Applied to Defense and Security, MICRADS 2025
Country/Territory	United States
City	Orlando
Period	24/07/25 → 26/07/25

Keywords

Banking Entities
Banks
Compliance
Cybersecurity
Data Privacy
Information Security
Risk Management

Access to Document

10.1007/978-3-032-10947-7_10

Cite this

Tavara, E., Huamán Monzón, F., & Tupia, M. (2026). Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities. In A. Rocha, A. Vaseashta, C. H. Fajardo-Toro, & J. M. Riola (Eds.), Developments and Advances in Defense and Security - Proceedings of MICRADS 2025 (pp. 110-122). (Smart Innovation, Systems and Technologies; Vol. 462 SIST). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-032-10947-7_10

Tavara, Edinson ; Huamán Monzón, Fernando ; Tupia, Manuel. / Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities. Developments and Advances in Defense and Security - Proceedings of MICRADS 2025. editor / Alvaro Rocha ; Ashok Vaseashta ; Carlos Hernan Fajardo-Toro ; Jose Maria Riola. Springer Science and Business Media Deutschland GmbH, 2026. pp. 110-122 (Smart Innovation, Systems and Technologies).

@inproceedings{280b9ce63c7e4852bddd3d7924a9941c,

title = "Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities",

abstract = "This study presents a comprehensive guide for cybersecurity and data privacy risk analysis, aimed at strengthening regulatory compliance in Peruvian banking entities. Utilizing the NIST CSF 2.0 and NIST SP 800-37 frameworks, it precisely identifies the set of regulatory obligations as well as the vulnerabilities and threats impacting the information assets of financial institutions. The proposed methodology encompasses everything from risk identification and assessment to the design of specific security controls, enabling entities to anticipate and effectively respond to the ever-changing dynamics of the digital and regulatory environments. The obtained results demonstrate that the implementation of this guide not only optimizes risk management but also serves as a strategic tool to ensure the integrity, confidentiality, and availability of information. In this regard, the study highlights the importance of adopting a proactive and systematic approach that fosters resilience and innovation within the banking sector. This work stands as a significant contribution, offering precise guidelines that encourage institutions to transform their security practices and prepare for the technological challenges of the future.",

keywords = "Banking Entities, Banks, Compliance, Cybersecurity, Data Privacy, Information Security, Risk Management",

author = "Edinson Tavara and \{Huam{\'a}n Monz{\'o}n\}, Fernando and Manuel Tupia",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.; Multidisciplinary International Conference of Research Applied to Defense and Security, MICRADS 2025 ; Conference date: 24-07-2025 Through 26-07-2025",

year = "2026",

doi = "10.1007/978-3-032-10947-7\_10",

language = "English",

isbn = "9783032109460",

series = "Smart Innovation, Systems and Technologies",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "110--122",

editor = "Alvaro Rocha and Ashok Vaseashta and Fajardo-Toro, \{Carlos Hernan\} and Riola, \{Jose Maria\}",

booktitle = "Developments and Advances in Defense and Security - Proceedings of MICRADS 2025",

}

Tavara, E, Huamán Monzón, F & Tupia, M 2026, Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities. in A Rocha, A Vaseashta, CH Fajardo-Toro & JM Riola (eds), Developments and Advances in Defense and Security - Proceedings of MICRADS 2025. Smart Innovation, Systems and Technologies, vol. 462 SIST, Springer Science and Business Media Deutschland GmbH, pp. 110-122, Multidisciplinary International Conference of Research Applied to Defense and Security, MICRADS 2025, Orlando, United States, 24/07/25. https://doi.org/10.1007/978-3-032-10947-7_10

Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities. / Tavara, Edinson; Huamán Monzón, Fernando; Tupia, Manuel.
Developments and Advances in Defense and Security - Proceedings of MICRADS 2025. ed. / Alvaro Rocha; Ashok Vaseashta; Carlos Hernan Fajardo-Toro; Jose Maria Riola. Springer Science and Business Media Deutschland GmbH, 2026. p. 110-122 (Smart Innovation, Systems and Technologies; Vol. 462 SIST).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities

AU - Tavara, Edinson

AU - Huamán Monzón, Fernando

AU - Tupia, Manuel

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.

PY - 2026

Y1 - 2026

N2 - This study presents a comprehensive guide for cybersecurity and data privacy risk analysis, aimed at strengthening regulatory compliance in Peruvian banking entities. Utilizing the NIST CSF 2.0 and NIST SP 800-37 frameworks, it precisely identifies the set of regulatory obligations as well as the vulnerabilities and threats impacting the information assets of financial institutions. The proposed methodology encompasses everything from risk identification and assessment to the design of specific security controls, enabling entities to anticipate and effectively respond to the ever-changing dynamics of the digital and regulatory environments. The obtained results demonstrate that the implementation of this guide not only optimizes risk management but also serves as a strategic tool to ensure the integrity, confidentiality, and availability of information. In this regard, the study highlights the importance of adopting a proactive and systematic approach that fosters resilience and innovation within the banking sector. This work stands as a significant contribution, offering precise guidelines that encourage institutions to transform their security practices and prepare for the technological challenges of the future.

AB - This study presents a comprehensive guide for cybersecurity and data privacy risk analysis, aimed at strengthening regulatory compliance in Peruvian banking entities. Utilizing the NIST CSF 2.0 and NIST SP 800-37 frameworks, it precisely identifies the set of regulatory obligations as well as the vulnerabilities and threats impacting the information assets of financial institutions. The proposed methodology encompasses everything from risk identification and assessment to the design of specific security controls, enabling entities to anticipate and effectively respond to the ever-changing dynamics of the digital and regulatory environments. The obtained results demonstrate that the implementation of this guide not only optimizes risk management but also serves as a strategic tool to ensure the integrity, confidentiality, and availability of information. In this regard, the study highlights the importance of adopting a proactive and systematic approach that fosters resilience and innovation within the banking sector. This work stands as a significant contribution, offering precise guidelines that encourage institutions to transform their security practices and prepare for the technological challenges of the future.

KW - Banking Entities

KW - Banks

KW - Compliance

KW - Cybersecurity

KW - Data Privacy

KW - Information Security

KW - Risk Management

UR - https://www.scopus.com/pages/publications/105027323985

U2 - 10.1007/978-3-032-10947-7_10

DO - 10.1007/978-3-032-10947-7_10

M3 - Conference contribution

AN - SCOPUS:105027323985

SN - 9783032109460

T3 - Smart Innovation, Systems and Technologies

SP - 110

EP - 122

BT - Developments and Advances in Defense and Security - Proceedings of MICRADS 2025

A2 - Rocha, Alvaro

A2 - Vaseashta, Ashok

A2 - Fajardo-Toro, Carlos Hernan

A2 - Riola, Jose Maria

PB - Springer Science and Business Media Deutschland GmbH

T2 - Multidisciplinary International Conference of Research Applied to Defense and Security, MICRADS 2025

Y2 - 24 July 2025 through 26 July 2025

ER -

Tavara E, Huamán Monzón F, Tupia M. Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities. In Rocha A, Vaseashta A, Fajardo-Toro CH, Riola JM, editors, Developments and Advances in Defense and Security - Proceedings of MICRADS 2025. Springer Science and Business Media Deutschland GmbH. 2026. p. 110-122. (Smart Innovation, Systems and Technologies). doi: 10.1007/978-3-032-10947-7_10

Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this