CUNA News
  • LOG IN
  • Create Account
  • Sign Out
  • My Account
  • LOG IN
  • Create Account
  • Sign Out
  • My Account
  • Topics
    • Community Service
    • Compliance
    • Credit Union Hero
    • Credit Union Rock Star
    • Credit Union System
    • Directors
    • Human Resources
    • Leadership
    • Lending
    • Marketing
    • Operations
    • Policy & Issues
    • Sales & Service
    • Technology
  • Credit Union Magazine
    • Buyers' Guide
    • COVID-19
    • Digital Edition
    • Credit Union Hero
    • Credit Union Rock Star
    • Subscribe
    • Advertise
    • Contact
  • Advertise
  • Awards
    • Nominate Credit Union Hero
    • Nominate Credit Union Rock Star
  • Podcasts
  • Videos
  • Jobs
  • Contact

News

Home » Cybersecurity: What’s your level of preparedness?
Technology

Cybersecurity: What’s your level of preparedness?

Here’s where many credit unions fall short, according a new NCUA tool.

September 12, 2018
Bill Merrick
No Comments
NCUA

NCUA is using a new tool to gauge credit unions’ level of cybersecurity preparedness: The Automated Cybersecurity Examination Tool (ACET).

Developed in 2017, ACET consists of an inherent risk profile and a cybersecurity maturity level, explains Wayne Trout, regional information systems officer for the agency. In 2018, NCUA will examine the 268 credit unions with more than $1 billion in assets using ACET.

Trout, who addressed the CUNA Technology Council’s 5th Annual Security Summit in San Francisco, identified several of credit unions’ “least achieved baseline statements” from the cybersecurity assessments:

  • The institution has policies commensurate with its risk and complexity that address the concepts of threat information sharing. “You need to have a policy in place that says what information you can share, how you share it, and through what means,” Trout says. “Put it in a box and see how you want to control it,”
     
  • Organizational assets (i.e., hardware, systems, data, applications) are prioritized for protection based on the data classification and business value. “This is a beast,” he says. “You have so much data in so many places. But take the first shot at it.”
     
  • A risk assessment focused on safeguarding customer information identifies reasonable and foreseeable internal and external threats, the likelihood and potential damage of threats, and the sufficiency of policies, procedures, and customer information systems. “If your credit union is on the East Coast,” Trout asks, “have you updated your risk policy for the possibility of hurricanes? As things change, you have to bring them into play.”
     
  • User access reviews are performed periodically for all systems and applications based on the risk to the application or system.
     
  • Firewall rules are audited or verified at least quarterly.
     
  • Data flow diagrams are in place and document information flow to external parties.
     
  • Contracts stipulate that the third-party security controls are regularly reviewed and validated by an independent party.
     
  • The risk assessment is updated to address new technologies, products, services, and connections before deployment. “Get senior management involved and implement a policy that says nothing goes into play until it goes through the risk assessment process,” he says. “This will prevent a lot of problems.”

►Click here for more conference coverage from CUNA News, and get live updates on Twitter via @cumagazine, @CUNA_News, @CUNACouncils, and by using the #TechCounciland #OMECouncil hashtags. Learn more about the CUNA Councils, a member-led professional society for credit union executives, at cunacouncils.org.

KEYWORDS CUNA Technology Council cybersecurity

Post a comment to this article

Report Abusive Comment

Credit Union Magazine: Winter 2022

Winter 2022

Credit Union Magazine’s Winter 2022 issue highlights data-driven marketing, the board’s role in cybersecurity, elder abuse scams, credit unions’ auto lending advantage, and more.
Digital Edition •  Subscribe

Trending

  • House passes CUNA, League-led board modernization bill

  • CFPB issues CUNA-opposed proposal on credit card late fees

  • Key committee leaders supportive of credit union priorities

Tweets by CUNA_News

Polls

Vote for the 2023 CU Hero of the Year

View Results
More

Champion for the Credit Union Movement

Credit Union National Association is the most influential financial services trade association and the only national association that advocates on behalf of all of America's credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.

More CUNA

  • Membership
  • Contact Us
  • Careers

Resources for

  • Credit Union Advocates
  • Leagues
  • Press
  • Providers

Our Affiliates

  • American Association of Credit Union Leagues (AACUL)
  • Credit Union Awareness
  • Credit Union House
  • CUNA Strategic Services
  • National Credit Union Foundation
GET CUNA UPDATES
© 2023 Credit Union National Association | ADA Compliance Notice & Legal
Email Us