To support fast and efficient cyber threat intelligence sharing, please provide your Chief Information Security Officer’s (CISO) contact information by filling in this form.
SWIFT’s Customer Security Intelligence (CSI) cyber security response team undertakes detailed cyber forensics and analysis on suspect events. To support fast and efficient intelligence sharing with customers, it is important that SWIFT has accurate and up-to-date CISO contact information from every customer.
SWIFT will only process the CISO contact information in order to validate this data and to share security information. SWIFT shall not share this contact information with any other Organization than the (mother) Organisation for which the CISO is registered, unless the concerned CISO is first notified and has expressly agreed with it, or unless as otherwise required by law (e.g. in case of a judicial or regulatory procedure). In addition, the names of the Organizations that have registered a CISO in a specific community may be disclosed to the NMG chair and the SWIFT regional/country owners. No other CISO contact information will however be communicated to the NMG chair or the SWIFT regional/country owners.
In addition, we strongly recommend that CISOs, or designated Cyber, Risk or Security Officers, register as a SWIFT user on swift.com and subscribe to our Security Notification Service. The Security Notification Service publishes immediate notification on new indicators of Compromise (IOCs) or malware identified by our CSI cyber security response team as well as security recommendations and guidelines. When registering as a SWIFT User, the CISO must select whether (s)he wants to receive commercial campaigns related to SWIFT products and services or not.
All data shared will have an associated level of confidentiality based on the industry standard Traffic Light Protocol (TLP), to ensure that it can only be consumed by the appropriate stakeholder audience, e.g.:
- Red – Highly sensitive information, only to be shared within a small, controlled set of stakeholders, e.g. CISO of impacted firm
- Amber – Sensitive information - only to be shared within a controlled set of stakeholders
- Green - Information given to a community, but not for public release
- White – Information for public release
At any time, CISOs have the right to consult and (where appropriate) correct their own data. In addition, each known and validated member of the same Organization may request SWIFT (i) to confirm that a CISO has been registered for this Organisation and (ii) to provide his or her name. These rights may be exercised by sending a request to CSP.Feedback@swift.com.
If the CISO data is provided by a third-party, such third-party shall inform the CISO about the above and obtain the CISO’s consent before providing any CISO contact information.
For further information, please visit the Customer Security Programme page. For more information about SWIFT’s data protection practices, please consult the SWIFT Privacy Statement.
To subscribe to the Security notification, please go to SWIFT.com > [Login] using your SWIFT.com credentials > access tab [My Portal] > click on [Newsletters] > manage your subscriptions by clicking on [subscribe/unsubscribe] > ensure you select to receive the SWIFT Security notifications.
For further questions, please contact SWIFT Customer Support.