FFIEC Focuses on Cybersecurity, Will Debut Self-Assessment Tool
The FFIEC provided an overview of its Cybersecurity priorities for the remainder of 2015. These priorities originate from last year’s pilot assessment of 500 financial institutions.
Work is underway in the following workstreams:
Cybersecurity Self-Assessment Tool—The FFIEC plans to issue a self-assessment tool this year to assist institutions in evaluating their inherent cybersecurity risk and their risk management capabilities.
Incident Analysis—FFIEC members will enhance their processes for gathering, analyzing and sharing information with each other during cyber incidents.
Crisis Management—The FFIEC will align, update, and test emergency protocols to respond to system-wide cyber incidents in coordination with public-private partnerships.
Training—The FFIEC will develop training programs for the staff of its members on evolving cyber threats and vulnerabilities.
Policy Development—The FFIEC will update and supplement its Information Technology Examination Handbook to reflect rapidly evolving cyber threats and vulnerabilities with a focus on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, external dependency management, and incident management and resilience.
Technology Service Provider Strategy—The FFIEC’s members will expand their focus on technology service providers’ ability to respond to growing cyber threats and vulnerabilities.
Collaboration with Law Enforcement and Intelligence Agencies—The FFIEC will build upon existing relationships with law enforcement and intelligence agencies to share information on the growing cybersecurity threats and response techniques
What does this mean for Financial Institutions?
Financial Institutions must remain up to date on the above enhancements and the FFIEC’s expanded focus on technology service providers’ cybersecurity preparedness.
The FFIEC has published several resources to help financial institutions improve their cybersecurity, including additional information regarding the cybersecurity assessment conducted in 2014. They are available on the FFIEC website athttp://www.ffiec.gov/cybersecurity.htm.