Information Security News mailing list archives
FFIEC Plans Cybersecurity Assessments
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 9 May 2014 20:53:59 +0000 (UTC)
http://www.bankinfosecurity.com/ffiec-plans-cybersecurity-assessments-a-6825 By Jeffrey Roman Bank Info Security May 8, 2014The Federal Financial Institutions Examination Council is planning cybersecurity vulnerability and risk-mitigation assessments to help smaller banking institutions address potential gaps. The effort is expected to begin later this year.
The assessments will help FFIEC member agencies, such as the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp., make informed decisions about the state of cybersecurity at community institutions, address gaps and prioritize necessary actions to strengthen supervisory programs, the FFIEC says in a May 7 statement.
The FFIEC's announcement came a day before Thomas Curry, Comptroller of the Currency and chairman of the FFIEC, delivered a speech at the Risk Management Association's Governance, Compliance and Operational Risk Conference that included a reference to new cybersecurity examination procedures the OCC expects to pilot later in the summer.
"To be managed properly, operational risk issues must be viewed in terms of their impact on the entire enterprise, not merely as - to use cybersecurity as an example - an IT Issue," Curry says. "That requires a fully integrated and comprehensive approach to risk management, which is exactly what the OCC's heightened expectations are intended to achieve."
[...] -- Subscribe to InfoSec News http://www.infosecnews.org/subscribe-to-infosec-news/
Current thread:
- FFIEC Plans Cybersecurity Assessments InfoSec News (May 09)