FFIEC Cybersecurity Assessment 'Tool' Goes Live
WASHINGTON - Federal regulators on Tuesday unveiled a much-anticipated tool meant to help institutions assess their own cybersecurity systems.
The "cybersecurity assessment tool" released by the Federal Financial Institutions Examination Council is designed to help financial institutions not only identify their level of risk from a cyber-attack but also gauge their ability to manage and control their own specific threat levels.
The tool is essentially a user's guide that leads institutions through the self-assessment. It contains two basic parts. The "Inherent Risk Profile" catalogues an institution's technology and connection types, delivery channels, external threats and other facets of its risk characteristics. The second part assesses the institution's cyber risk management, threat intelligence and how it would respond to a cyber-incident, among other capabilities.
"The assessment provides a repeatable and measurable process for institutions to measure their cybersecurity preparedness over time," the FFIEC says in an overview of the tool.
The release of the cybersecurity assessment is another sign regulators are concerned about the level of readiness at banks. It was unveiled following a pilot program last year in which examiners from the financial regulatory agencies conducted cybersecurity assessments at 500 community financial institutions as part of their regular exams.
The tool incorporates standards from the FFIEC information security examination handbook as well as cybersecurity standards from the National Institute of Standards and Technology's Cybersecurity Framework. The regulators said they will continue to update the tool as the cyber arena evolves.