Cyber resilience testing


TIBER-IS is a framework for testing cyber security among participants critical to the Icelandic financial system. This framework aims to help the participants to better understand their capacity to manage cyber risks, thus providing a base for strengthening resilience in the Icelandic financial system. TIBER-IS is based on the TIBER-EU framework.

TIBER-EU is a framework developed by the ECB that makes it possible to test, in a standardized way, resilience to cyber risks among players critical to the financial system. The test (known as red team testing) involves the controlled simulation of a cyber attack on an organization’s employees, processes, and technology. The test is not a ‘pass or fail’ test but is aimed at identifying shortcomings so that resilience can then be improved at participating institutions. The focus is on the learning experience of the defending staff of the institutions.

The main aims of TIBER-EU are:

  • to strengthen resilience against cyber threats in the financial sector,
  • to standardize and harmonize the implementation of so-called red team tests within the EEA, and
  • to provide support for cross-border tests.

The Central bank of Iceland decided in February 2023 to adopt the TIBER-EU framework and publish guidelines for the national adaptation of Iceland, TIBER-IS. The Central bank has cooperated with systematically important banks in adapting the framework to the Icelandic market. The implementation guide for TIBER-IS describes the Icelandic adaptation of the TIBER-EU framework.
TIBER-IS is not restricted to testing financial institutions but can be used in all sectors of the society.

For further information contact

Related content

Description of TIBER-EU 
TIBER-IS Implementation Guide