FFIEC releases Cybersecurity Assessment Tool
Unfortunately, cybersecurity risk continues to become a more and more relevant threat to all financial institutions, regardless of asset size. As a result of increasing industry concern and actual events, the Federal Financial Institutions Examination Council (FFIEC) has been working for the last few years toward enhancing cybersecurity awareness. On June 30, 2015, the FFIEC released a new Cybersecurity Assessment Tool that is to be used to help institutions identify their cyber risks and gauge Cybersecurity preparedness.
The tool is made up of two parts, the inherent risk profile and cybersecurity maturity. The inherent risk profile assists in risk rating (least to most risky) the intuition’s:
- Technologies and connection types used
- Product and service delivery channels
- Online (web and mobile) products
- Organization changes
- External threats
After the inherent risk determination, the tool goes over five domains of cybersecurity maturity. Each of the domains listed below have several unique assessment factors identified in the tool.
- Cyber Risk Management and Oversight
- Threat Intelligence and Collaboration
- Cybersecurity Controls
- External Dependency Management
- Cyber Incident Management and Resilience.
The end result of the assessment is meant to allow management to understand if their inherent risk profile and cybersecurity maturity levels are aligned with another. The tool also suggests that results of the assessment should be shared with both the CEO and the Board of directors.
The FFIEC’s tool, which can be located at http://www.ffiec.gov/cyberassessmenttool.htm identifies the steps in performing your very own Cybersecurity Assessment. The assessment also has included a nice twenty-minute video presentation that touches on the assessment and has numerous other cybersecurity references for your education.
Are you concerned about your Bank’s Cybersecurity awareness and preparedness? For additional information contact Jeffrey Johns at firstname.lastname@example.org.