Archive

Go to:

August 2017
SMTWTFS
12345
6789101112
13141516171819
20212223242526
2728293031
< Jul Sep >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

FFIEC Releases Cybersecurity Assessment Observations and Recommendations
Wednesday, November 5, 2014 6:25 AM

The Federal Financial Institutions Examination Council released observations from its cybersecurity assessment and recommended regulated financial institutions participate in the Financial Services Information Sharing and Analysis Center (FS-ISAC).

During the summer of 2014, FFIEC members piloted a cybersecurity assessment at more than 500 community institutions to evaluate the institutions’ preparedness to mitigate cybersecurity risks. The assessment supplemented regularly scheduled exams and built upon key supervisory expectations contained within existing FFIEC information technology handbooks and other regulatory guidance. The “FFIEC Cybersecurity Assessment General Observations” provides themes from the assessment and suggests questions that chief executive officers and boards of directors may consider when assessing their institutions’ cybersecurity preparedness.

The FFIEC also recommended that financial institutions of all sizes participate in the FS-ISAC as part of their process to identify, respond to, and mitigate cybersecurity threats and vulnerabilities. The FS-ISAC is a non-profit, information-sharing forum established by financial services industry participants to facilitate the public and private sectors’ sharing of physical and cybersecurity threat and vulnerability information.

Rapidly evolving cybersecurity risks reinforce the need for all institutions and their critical technology service providers to have appropriate methods for obtaining, monitoring, sharing, and responding to threat and vulnerability information. Financial institution management is expected to monitor and maintain sufficient awareness of cybersecurity threats and vulnerability information so that they may evaluate risk and respond accordingly.

Related Links:

FFIEC Cybersecurity Assessment General Observations (PDF)

Cybersecurity Threat and Vulnerability Monitoring and Sharing Statement (PDF)