Regulators building tool for FI self-assessment of cyber risk, management

March 17, 2015

WASHINGTON (3/18/15)--Creating a cybersecurity self-assessment tool for financial institutions is one of a number of cybersecurity priorities released by the Federal Financial Institutions Examination Council (FFIEC) Tuesday. The list was created after a pilot assessment of cybersecurity readiness was conducted at more than 500 financial institutions last year.

The pilot assessment helped the FFIEC develop areas of focus, as well as goals for the FFIEC itself going forward.

According to the report, work is currently under way on:

  • A cybersecurity self-assessment tool, scheduled to be released this year to assist institutions in evaluating their inherent cybersecurity risk and their risk-management capabilities;
  • Incident analysis to enhance processes for gathering, analyzing and sharing information during cyber incidents;
  • Aligning, updating and testing emergency protocols to respond to system-wide cyber incidents in coordination with public-private partnerships;
  • Development of training programs for the staff of FFIEC members on evolving cyberthreats and vulnerabilities;
  • Updating and supplementing the FFIEC Information Technology Examination Handbook to reflect evolving cyberthreats, with a focus on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, external dependency management and incident management and resilience; and
  • Building upon existing relationships with law enforcement and intelligence agencies to share information on threats and response techniques.

The FFIEC's Cybersecurity Awareness website contains more information on last year's assessment, as well as other resources for financial institutions.