The Financial Security Institute said on Monday it has developed and distributed a "financial security level assessment framework" so that financial companies can conduct detailed diagnoses of their security level and systematically improve weak areas.
The framework is made up of 45 items and 127 detailed principles across seven areas: governance, identification, protection, detection, response, recovery and supply chains. It enables a comprehensive level assessment across all security domains.
Security levels are assessed in four stages: Initial, Defined, Managed and Advanced.
It is designed so that a financial company with an average security system receives the second-stage "Defined" rating. As the security level improves, the rating moves up to "Managed" and "Advanced".
In a pilot test by the institute, large domestic financial companies were found to have strong security systems, averaging the third-stage "Managed" level. Global financial companies are expected to be at stage 3.5 or higher.
To help the framework take root in the financial sector, the institute set up a dedicated team in January called the Autonomous Security Research Team, made up of seven security experts in policy and technology. It plans to begin providing on-site assessment services in earnest from March, focusing on financial companies that want the service.
Park Sang-won (박상원), head of the Financial Security Institute, said securing autonomous security capabilities is most important for financial companies to proactively respond to new security threats in a rapidly changing financial IT environment, including eased network separation rules and AI transformation, or AX. He said the institute will do its best to help an advanced autonomous security culture, in which financial companies diagnose and improve their own security level, take root in the field.