Read more about the current Greenbook proposals. ...
This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.
The Federal Financial Institutions Examination Council (FFIEC) has established its priorities for the remainder of 2015 as a result of the recent FFIEC cybersecurity assessment pilot program. The pilot program looked at many facets of information security strategy at financial institutions, ranging from the role that vendors play in cyber threat management to internal incident response procedures and board involvement in cyber matters. The preliminary results of the pilot program, having evaluated more than 500 financial institutions, contained high-level observations intended to provide financial institutions with risk management discussion points to consider.
The FFIEC’s priorities for the remainder of 2015 will vigorously focus on enhancing the cybersecurity posture of financial institutions, recognizing the heightened threat landscape. A key priority from the FFIEC is the introduction of a “Cybersecurity Self-Assessment Tool,” and other detailed guidance that will help financial institutions understand what they need to do to protect themselves from cyber threats.
While the tools and guidance are being developed, it is important that executives and boards remain apprised of cybersecurity issues and that they are involving key personnel internally and externally in developing risk assessments and control strategies to mitigate cybersecurity threats. Until the more detailed guidelines are available, financial institutions need to apply leading practices such as National Institute of Standards and Technology’s (NIST), Framework for Improving Critical Infrastructure Cybersecurity or the Securities Industry and Financial Markets Association’s (SIFMA) Small Firms Cybersecurity Guidance to promote effective risk mitigation and control strategies. In addition, it is equally important for financial institutions to keep a finger on the pulse of cyber threats and newly evolving risks by subscribing to threat monitoring sources such as the United States Computer Emergency Response Team (US-CERT) and the Financial Services Information Sharing and Analysis Center (FS-ISAC). These and other resources encourage collaboration and knowledge-sharing among financial institutions, since cyber criminals tend to be repetitive in their methods of attempting to breach security controls of financial institutions; therefore, collaboration is invaluable in order to mitigate these persistent cyber threats.
Contact us for more information regarding cybersecurity and visit our blog, Our Thoughts On, for more articles relating to this topic.
Read more about the current Greenbook proposals. ...
Learn more about the regional and national supply chain implications of the Baltimore Key Bridge collapse. ...
We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.
Ask us
[email protected]
p:412.261.3644
f:412.261.4876
[email protected]
p:614.621.4060
f:614.621.4062
[email protected]
p:571.380.9003