FFIEC Plans Cybersecurity Assessments

[InfoSec News <alerts () infosecnews org>]

http://www.bankinfosecurity.com/ffiec-plans-cybersecurity-assessments-a-6825

By Jeffrey Roman
Bank Info Security
May 8, 2014

The Federal Financial Institutions Examination Council is planning 
cybersecurity vulnerability and risk-mitigation assessments to help 
smaller banking institutions address potential gaps. The effort is 
expected to begin later this year.

The assessments will help FFIEC member agencies, such as the Office of the 
Comptroller of the Currency and the Federal Deposit Insurance Corp., make 
informed decisions about the state of cybersecurity at community 
institutions, address gaps and prioritize necessary actions to strengthen 
supervisory programs, the FFIEC says in a May 7 statement.

The FFIEC's announcement came a day before Thomas Curry, Comptroller of 
the Currency and chairman of the FFIEC, delivered a speech at the Risk 
Management Association's Governance, Compliance and Operational Risk 
Conference that included a reference to new cybersecurity examination 
procedures the OCC expects to pilot later in the summer.

"To be managed properly, operational risk issues must be viewed in terms 
of their impact on the entire enterprise, not merely as - to use 
cybersecurity as an example - an IT Issue," Curry says. "That requires a 
fully integrated and comprehensive approach to risk management, which is 
exactly what the OCC's heightened expectations are intended to achieve."

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/