FFIEC Counts on Its New Cybersecurity Assessment 'Tool' Developed for Financial Institutions
WASHINGTON: The Federal Financial Institutions Examination Council (FFIEC) unleashes the new Cybersecurity Assessment Tool (Assessment) for extending support to management and directors of financial institutions to understand supervisory expectations, create awareness on cyber security risks thereby assess and mitigate impending threats.
Designed specifically to aid the security requirements of financial institutions, the platform not only evaluates the level of risks but also determines their capacity to manage and control these threats. The tool is essentially a user's guide that leads institutions through self-assessment.
Comprising mainly of two sections, one is the ‘Inherent Risk Profile’ which understands how each activity, service, and product contribute to the inherent risk; determine the institution’s overall profile and whether a specific category poses additional risk while the second, ‘Cybersecurity Maturity’ determines the institution’s cyber security maturity levels across each of the five domains.
"The assessment provides a repeatable and measurable process for institutions to measure their cybersecurity preparedness over time," the FFIEC says in a given overview of the tool.
The FFIEC has made resources available for institutions which is useful for references. The materials include an executive overview, a user’s guide, an online presentation explaining the Assessment, and appendices mapping the Assessment’s baseline maturity statements to the FFIEC Information Technology Examination Handbook. The materials also incorporate cyber security standards developed by the National Institute of Standards and Technology Cybersecurity Framework.
Meanwhile, through an upcoming Paperwork Reduction Act notice in the Federal Register, the FFIEC members are expecting institutions to give healthy feedbacks on the Assessment. The tool will be updated as new threats, vulnerabilities, and operational environments evolve.
By John Kamin, EVP and CIO, Old National Bancorp
By Gregg T. Martin, VP & CIO, Arnot Health
By Dave Doyle, CIO & SVP, IT, Regal Entertainment Group
By Sergey Cherkasov, CIO, PhosAgro
By Adrian Mebane, VP-Global Ethics & Compliance, The Hershey...
By Mike Fitton, Wireless Business Unit Director, Altera
By Jim Kaskade, VP and GM, Big Data & Analytics, CSC
By Thomas Musgrave, EVP & CIO, AmeriCold Logistics
By Vin Sharma, Director, Strategic Planning & Marketing, Big...
By Federico Flórez, Chief Information & Innovation Officer,...
By Barbara Adams, VP, Innovative Technology Solutions, Texas...
By John Mason, CIO, Bottomline Technologies
By Jamshid Khazenie, CTO, USA Today Network / Gannett
By Miguel Gamino, CIO & Executive Director-Department of...
By Bill Schimikowski, VP, Customer Experience, Fidelity...
By Tom Bressie, Vice President, Oracle Cloud
By John Landwehr, Public Sector CTO, Adobe
By Aaron Gette, CIO, The Bay Club Company
By Denise Zabawski, CIO, Nationwide Children's Hospital
By Amit Bahree, Executive, Global Technology and Innovation,...