Category: Hot Topics

  • FFIEC Rewrites Business Continuity Guidance

    The all-new IT Examination Handbook is more than an update; it’s a complete re-write, and represents a significant change in how the business continuity process is managed. It also has several new expectations regulators will be looking for from financial institutions. In fact, that is one of the most interesting changes; the term “institution”…

  • FFIEC Issues Press Release on Cybersecurity Preparedness Assessments (and Muddies the Waters)

    A Standardized Approach: On August 28th, the FFIEC issued a press release entitled “FFIEC Encourages Standardized Approach to Assessing Cybersecurity Preparedness”. The release “…emphasized the benefits of using a standardized approach to assess and improve cybersecurity preparedness.” On the surface this seems very logical and straightforward, but in fact this may have provided more…

  • Misuse, Denied Access, and Incident Response

    It may be a good time to review your Incident Response Plan and determine if additional clarification regarding the term “misuse” should be added to incorporate denial of access to information. The FFIEC Information Technology Examination Handbook for Information Security was published in September 2016 and refers to misuse as “attacks from within the organizations”.…

  • FFIEC Issues Joint Statement on Cyber Insurance

    The statement is here, and is intended to provide additional awareness about the possible use of cyber insurance to offset financial losses resulting from cyber incidents. Here are a few high-level observations: First of all, we’ve seen several announcements from various organizations stating that “the FFIEC has released new guidance…”. The statement makes it clear…

  • Cybersecurity – Beyond the Assessment

    The FFIEC Cybersecurity Assessment Tool has been out since 2015, and by now almost all financial institutions have completed it at least once, some as many as 3-4 times. Although most of the examiner feedback we’ve gotten indicates that simply completing it is all regulators are looking for at this time, the FFIEC made it clear…

  • FFIEC Cybersecurity Assessment Tool Update

    The FFIEC recently released a long-awaited update to the Cybersecurity Assessment Tool, and we think overall it is a relatively minor but useful evolution. But before we get into the details of what the update does address, it’s important to note that it did not address the ambiguity issues that plague the current assessment. One…