Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities

Edinson Tavara; Fernando Huamán Monzón; Manuel Tupia

doi:10.1007/978-3-032-10947-7_10

Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities

Edinson Tavara
, Fernando Huamán Monzón
, Manuel Tupia

Sección de Ingeniería Informática

Pontifical Catholic Univ. of Peru

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución a la conferencia › revisión exhaustiva

Resumen

This study presents a comprehensive guide for cybersecurity and data privacy risk analysis, aimed at strengthening regulatory compliance in Peruvian banking entities. Utilizing the NIST CSF 2.0 and NIST SP 800-37 frameworks, it precisely identifies the set of regulatory obligations as well as the vulnerabilities and threats impacting the information assets of financial institutions. The proposed methodology encompasses everything from risk identification and assessment to the design of specific security controls, enabling entities to anticipate and effectively respond to the ever-changing dynamics of the digital and regulatory environments. The obtained results demonstrate that the implementation of this guide not only optimizes risk management but also serves as a strategic tool to ensure the integrity, confidentiality, and availability of information. In this regard, the study highlights the importance of adopting a proactive and systematic approach that fosters resilience and innovation within the banking sector. This work stands as a significant contribution, offering precise guidelines that encourage institutions to transform their security practices and prepare for the technological challenges of the future.

Idioma original	Inglés
Título de la publicación alojada	Developments and Advances in Defense and Security - Proceedings of MICRADS 2025
Editores	Alvaro Rocha, Ashok Vaseashta, Carlos Hernan Fajardo-Toro, Jose Maria Riola
Editorial	Springer Science and Business Media Deutschland GmbH
Páginas	110-122
Número de páginas	13
ISBN (versión impresa)	9783032109460
DOI	https://doi.org/10.1007/978-3-032-10947-7_10
Estado	Publicada - 2026
Evento	Multidisciplinary International Conference of Research Applied to Defense and Security, MICRADS 2025 - Orlando, Estados Unidos Duración: 24 jul. 2025 → 26 jul. 2025

Serie de la publicación

Nombre	Smart Innovation, Systems and Technologies
Volumen	462 SIST
ISSN (versión impresa)	2190-3018
ISSN (versión digital)	2190-3026

Conferencia

Conferencia	Multidisciplinary International Conference of Research Applied to Defense and Security, MICRADS 2025
País/Territorio	Estados Unidos
Ciudad	Orlando
Período	24/07/25 → 26/07/25

Acceder al documento

10.1007/978-3-032-10947-7_10

Otros archivos y enlaces

Enlace a la publicación en Scopus

Citar esto

Tavara, E., Huamán Monzón, F., & Tupia, M. (2026). Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities. En A. Rocha, A. Vaseashta, C. H. Fajardo-Toro, & J. M. Riola (Eds.), Developments and Advances in Defense and Security - Proceedings of MICRADS 2025 (pp. 110-122). (Smart Innovation, Systems and Technologies; Vol. 462 SIST). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-032-10947-7_10

Tavara, Edinson ; Huamán Monzón, Fernando ; Tupia, Manuel. / Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities. Developments and Advances in Defense and Security - Proceedings of MICRADS 2025. editor / Alvaro Rocha ; Ashok Vaseashta ; Carlos Hernan Fajardo-Toro ; Jose Maria Riola. Springer Science and Business Media Deutschland GmbH, 2026. pp. 110-122 (Smart Innovation, Systems and Technologies).

@inproceedings{280b9ce63c7e4852bddd3d7924a9941c,

title = "Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities",

abstract = "This study presents a comprehensive guide for cybersecurity and data privacy risk analysis, aimed at strengthening regulatory compliance in Peruvian banking entities. Utilizing the NIST CSF 2.0 and NIST SP 800-37 frameworks, it precisely identifies the set of regulatory obligations as well as the vulnerabilities and threats impacting the information assets of financial institutions. The proposed methodology encompasses everything from risk identification and assessment to the design of specific security controls, enabling entities to anticipate and effectively respond to the ever-changing dynamics of the digital and regulatory environments. The obtained results demonstrate that the implementation of this guide not only optimizes risk management but also serves as a strategic tool to ensure the integrity, confidentiality, and availability of information. In this regard, the study highlights the importance of adopting a proactive and systematic approach that fosters resilience and innovation within the banking sector. This work stands as a significant contribution, offering precise guidelines that encourage institutions to transform their security practices and prepare for the technological challenges of the future.",

keywords = "Banking Entities, Banks, Compliance, Cybersecurity, Data Privacy, Information Security, Risk Management",

author = "Edinson Tavara and \{Huam{\'a}n Monz{\'o}n\}, Fernando and Manuel Tupia",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.; Multidisciplinary International Conference of Research Applied to Defense and Security, MICRADS 2025 ; Conference date: 24-07-2025 Through 26-07-2025",

year = "2026",

doi = "10.1007/978-3-032-10947-7\_10",

language = "English",

isbn = "9783032109460",

series = "Smart Innovation, Systems and Technologies",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "110--122",

editor = "Alvaro Rocha and Ashok Vaseashta and Fajardo-Toro, \{Carlos Hernan\} and Riola, \{Jose Maria\}",

booktitle = "Developments and Advances in Defense and Security - Proceedings of MICRADS 2025",

}

Tavara, E, Huamán Monzón, F & Tupia, M 2026, Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities. En A Rocha, A Vaseashta, CH Fajardo-Toro & JM Riola (eds.), Developments and Advances in Defense and Security - Proceedings of MICRADS 2025. Smart Innovation, Systems and Technologies, vol. 462 SIST, Springer Science and Business Media Deutschland GmbH, pp. 110-122, Multidisciplinary International Conference of Research Applied to Defense and Security, MICRADS 2025, Orlando, Estados Unidos, 24/07/25. https://doi.org/10.1007/978-3-032-10947-7_10

Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities. / Tavara, Edinson; Huamán Monzón, Fernando; Tupia, Manuel.
Developments and Advances in Defense and Security - Proceedings of MICRADS 2025. ed. / Alvaro Rocha; Ashok Vaseashta; Carlos Hernan Fajardo-Toro; Jose Maria Riola. Springer Science and Business Media Deutschland GmbH, 2026. p. 110-122 (Smart Innovation, Systems and Technologies; Vol. 462 SIST).

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución a la conferencia › revisión exhaustiva

TY - GEN

T1 - Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities

AU - Tavara, Edinson

AU - Huamán Monzón, Fernando

AU - Tupia, Manuel

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.

PY - 2026

Y1 - 2026

N2 - This study presents a comprehensive guide for cybersecurity and data privacy risk analysis, aimed at strengthening regulatory compliance in Peruvian banking entities. Utilizing the NIST CSF 2.0 and NIST SP 800-37 frameworks, it precisely identifies the set of regulatory obligations as well as the vulnerabilities and threats impacting the information assets of financial institutions. The proposed methodology encompasses everything from risk identification and assessment to the design of specific security controls, enabling entities to anticipate and effectively respond to the ever-changing dynamics of the digital and regulatory environments. The obtained results demonstrate that the implementation of this guide not only optimizes risk management but also serves as a strategic tool to ensure the integrity, confidentiality, and availability of information. In this regard, the study highlights the importance of adopting a proactive and systematic approach that fosters resilience and innovation within the banking sector. This work stands as a significant contribution, offering precise guidelines that encourage institutions to transform their security practices and prepare for the technological challenges of the future.

AB - This study presents a comprehensive guide for cybersecurity and data privacy risk analysis, aimed at strengthening regulatory compliance in Peruvian banking entities. Utilizing the NIST CSF 2.0 and NIST SP 800-37 frameworks, it precisely identifies the set of regulatory obligations as well as the vulnerabilities and threats impacting the information assets of financial institutions. The proposed methodology encompasses everything from risk identification and assessment to the design of specific security controls, enabling entities to anticipate and effectively respond to the ever-changing dynamics of the digital and regulatory environments. The obtained results demonstrate that the implementation of this guide not only optimizes risk management but also serves as a strategic tool to ensure the integrity, confidentiality, and availability of information. In this regard, the study highlights the importance of adopting a proactive and systematic approach that fosters resilience and innovation within the banking sector. This work stands as a significant contribution, offering precise guidelines that encourage institutions to transform their security practices and prepare for the technological challenges of the future.

KW - Banking Entities

KW - Banks

KW - Compliance

KW - Cybersecurity

KW - Data Privacy

KW - Information Security

KW - Risk Management

UR - https://www.scopus.com/pages/publications/105027323985

U2 - 10.1007/978-3-032-10947-7_10

DO - 10.1007/978-3-032-10947-7_10

M3 - Conference contribution

AN - SCOPUS:105027323985

SN - 9783032109460

T3 - Smart Innovation, Systems and Technologies

SP - 110

EP - 122

BT - Developments and Advances in Defense and Security - Proceedings of MICRADS 2025

A2 - Rocha, Alvaro

A2 - Vaseashta, Ashok

A2 - Fajardo-Toro, Carlos Hernan

A2 - Riola, Jose Maria

PB - Springer Science and Business Media Deutschland GmbH

T2 - Multidisciplinary International Conference of Research Applied to Defense and Security, MICRADS 2025

Y2 - 24 July 2025 through 26 July 2025

ER -

Tavara E, Huamán Monzón F, Tupia M. Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities. En Rocha A, Vaseashta A, Fajardo-Toro CH, Riola JM, editores, Developments and Advances in Defense and Security - Proceedings of MICRADS 2025. Springer Science and Business Media Deutschland GmbH. 2026. p. 110-122. (Smart Innovation, Systems and Technologies). doi: 10.1007/978-3-032-10947-7_10

Guidance for Cybersecurity and Data Privacy Risk Analysis for Compliance Assurance of Banking Entities

Resumen

Serie de la publicación

Conferencia

Acceder al documento

Otros archivos y enlaces

Huella

Citar esto