December 30, 2016 by

US Government Banking Council Releases Cybersecurity Assessment Tool

The Federal Financial Institutions Examination Council (FFIEC), a formal government interagency body that includes the five major banking regulators, has issued a Cybersecurity Assessment tool for banking institutions to evaluate their risks and cybersecurity readiness.

National banks, federal branches of the Federal Reserve, agencies and federal savings associations of differing statures will implement a cybersecurity assessment tool, simply called ‘Assessment’, into their cybersecurity examinations.

Announced by the Office of the Comptroller of the Currency (OCC), the ‘Assessment’ enables banks and examiners to determine the inherent risk profile of any bank, along with its state of cybersecurity preparedness. The results of this test will help to determine whether the bank’s cybersecurity maturity levels match its inherent risk profile.

The two parts of the Assessment, an inherent risk profile and cybersecurity maturity, are as follows:

  • Inherent Risk Profile: The first part identifies the risks inherent to a bank given the methodologies, volume and complexities of the bank’s technologies, delivery channels, products and services, organizational characteristics and other external threats. The bank’s risk-mitigating controls are also assessed.
  • Cybersecurity Maturity: The bank’s maturity when it comes to cybersecurity is evaluated in multiple domains, each of which has five sub-levels of maturity: baselines, evolving, intermediate, advanced and innovative. A bank’s cybersecurity maturity inherently depends on its risk profile.

The FFIEC has also made additional resources available for banks and other financial institutions alongside the cybersecurity assessment tool. They include a user’s guide, an executive overview and an online presentation module explaining the Assessment, along with other appendixes.

The tool has already been used by OCC examiners since late 2015 and remains the tool used by examiners to gain a complete understanding of the cybersecurity structure and inherent risks of a financial institution. For the banks themselves, however, the Assessment is an optional tool.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
