Learn More about Member Value

News

Member Benefits
Learn more
Learn more about the benefits of membership.

FFIEC Releases Cybersecurity Assessment Observations

Member agencies piloted a cybersecurity assessment at more than 500 community institutions.

January 14, 2015
CUNA Compliance Staff
No Comments
Cybersecurity
Cybersecurity
 
The Federal Financial Institutions Examination Council (FFIEC) released in November observations from its 2014 cybersecurity assessment, and recommended that regulated financial institutions participate in the Financial Services Information Sharing and Analysis Center (FS-ISAC).
 
This past summer, FFIEC member agencies piloted a cybersecurity assessment at more than 500 community institutions to evaluate the institutions’ preparedness to mitigate cybersecurity risks.
 
The “FFIEC Cybersecurity Assessment General Observations” suggested the areas within their institutions that chief executive officers and boards of directors should focus on when assessing cybersecurity preparedness, including:
  • Current practices and overall preparedness. How do network connections, products and services offered, and technologies collectively affect the credit union’s overall inherent cyber-security risk?
     
  • Risk management and oversight. What is the process for ensuring ongoing and routine discussions by the board and senior management about cyber threats and vulnerabilities to the credit union?
     
  • Threat intelligence and collaboration. What is the process to gather and analyze threat and vulnerability information from multiple sources?
     
  • Cybersecurity control. What is the process for determining and implementing preventive, detective, and corrective controls on the credit union’s network?
     
  • External dependency management. How is the credit union connecting to third parties and ensuring they properly manage their cybersecurity controls?
     
  • Cyberincident management and resilience. In the event of a cyber-attack, how will the credit union respond internally and with members, third parties, regulators, and law enforcement?
FFIEC recommended that financial institutions of all sizes participate in the FS-ISAC as part of their process to identify, respond to, and mitigate cyber-security threats and vulnerabilities.
 
 
The FS-ISAC is a nonprofit, information-sharing forum established in 1999 by financial services industry participants to facilitate the public and private sectors’ sharing of physical and cybersecurity threat and vulnerability information and analysis.
 
As a member of FS-ISAC, CUNA continues to encourage the industry forum to provide more resources for credit unions and smaller financial institutions.
 
Credit unions interested in FSISAC and its different membership options can visit fsisac.com.
 
The “FFIEC Cybersecurity Assessment General Observations” is available at ffiec.gov and ncua.gov.

KEYWORDS compliance credit union ffiec FS-ISAC
CUNA Compliance Staff

Compliance Q&A: Reg B

More from this author

Post a comment to this article

Subscriber Exclusives Cash crop

Cash crop

Cannabis-banking leaders shed light on a growing line of business that has major implications for public safety, financial inclusion, and credit union economics.
Engage members with mobile

Engage members with mobile

Mobile services have become an engine for membership growth and relationship-building.
Tech-savvy boards

Tech-savvy boards

The use of portals and remote meeting options is growing among board members.
App   Digital Edition   Subscribe

Trending

Polls

Does your CU offer or plan to offer cannabis banking services?

View Results
More