Learn More about Member Value

News

Member Benefits
Learn more
Learn more about the benefits of membership.

FFIEC Releases Cybersecurity Assessment Observations

Member agencies piloted a cybersecurity assessment at more than 500 community institutions.

January 14, 2015
CUNA Compliance Staff
No Comments
Cybersecurity
Cybersecurity
 
The Federal Financial Institutions Examination Council (FFIEC) released in November observations from its 2014 cybersecurity assessment, and recommended that regulated financial institutions participate in the Financial Services Information Sharing and Analysis Center (FS-ISAC).
 
This past summer, FFIEC member agencies piloted a cybersecurity assessment at more than 500 community institutions to evaluate the institutions’ preparedness to mitigate cybersecurity risks.
 
The “FFIEC Cybersecurity Assessment General Observations” suggested the areas within their institutions that chief executive officers and boards of directors should focus on when assessing cybersecurity preparedness, including:
  • Current practices and overall preparedness. How do network connections, products and services offered, and technologies collectively affect the credit union’s overall inherent cyber-security risk?
     
  • Risk management and oversight. What is the process for ensuring ongoing and routine discussions by the board and senior management about cyber threats and vulnerabilities to the credit union?
     
  • Threat intelligence and collaboration. What is the process to gather and analyze threat and vulnerability information from multiple sources?
     
  • Cybersecurity control. What is the process for determining and implementing preventive, detective, and corrective controls on the credit union’s network?
     
  • External dependency management. How is the credit union connecting to third parties and ensuring they properly manage their cybersecurity controls?
     
  • Cyberincident management and resilience. In the event of a cyber-attack, how will the credit union respond internally and with members, third parties, regulators, and law enforcement?
FFIEC recommended that financial institutions of all sizes participate in the FS-ISAC as part of their process to identify, respond to, and mitigate cyber-security threats and vulnerabilities.
 
 
The FS-ISAC is a nonprofit, information-sharing forum established in 1999 by financial services industry participants to facilitate the public and private sectors’ sharing of physical and cybersecurity threat and vulnerability information and analysis.
 
As a member of FS-ISAC, CUNA continues to encourage the industry forum to provide more resources for credit unions and smaller financial institutions.
 
Credit unions interested in FSISAC and its different membership options can visit fsisac.com.
 
The “FFIEC Cybersecurity Assessment General Observations” is available at ffiec.gov and ncua.gov.

KEYWORDS compliance credit union ffiec FS-ISAC
CUNA Compliance Staff

Compliance Q&A: Reg B

More from this author

Post a comment to this article

This Month Lending Roadmap

Lending Roadmap

Expect solid loan growth to continue next year due to a strong economy.
Bright Ideas

Bright Ideas

Small credit unions take creative measures to serve members outside the financial mainstream.
Get Smart

Get Smart

Artificial intelligence is fast becoming a day-to-day part of the consumer experience.
App Digital Edition Subscribe

Trending

Polls

What's the pace of staff turnover at your CU?

View Results
More