Media Release Number: 2020-06 8 December 2020

CORIE framework launched to test cyber resilience of Australia's financial services industry

The Council of Financial Regulators (CFR) has released a Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework to test and demonstrate the cyber maturity and resilience of institutions within the Australian financial services industry. The CORIE framework has been developed to aid preparation and execution of industry-wide cyber resilience exercises.

A key objective of the CORIE framework is to provide data and reporting to inform relevant Australian regulators of systemic weaknesses that may present a risk to the integrity and stability of Australian financial markets. The framework also aims to identify actions to uplift the cyber resilience of financial institutions.

CORIE's exercises will mimic the tactics, techniques and procedures (TTPs) of real-life adversaries, creating and utilising tools, and using techniques that may not have been anticipated and planned for. These exercises measure the ability of an organisation to detect, respond and recover from the operations of a real adversary based on such TTPs.

A pilot exercise will be conducted within the next 18 months to seek feedback and measure the effectiveness of the CORIE framework.

Download the framework