On September 9, 2016, the Federal Financial Institutions Examination Council (FFIEC) released a revision of its IT Booklet on Information Security. In line with previous updates made by the FFIEC, the goal of the revision is to better standardized measures for determining, assessing, and manage risks to information technology solutions. The updates reduced redundancies, incorporated relevant cybersecurity language, and re-emphasized risk management as a program and process to be developed, implemented, and maintained. Also included is revised examination procedures, to again increase standardization, of risk management program evaluation amongst auditors and Federal examiners. The FFIEC continues to leverage the NIST Cybersecurity Framework as it did when developing and adopting the Cybersecurity Assessment Tool (CAT).
Questions or concerns about how these latest updates will impact your Compliance and Information Security programs? Contact GraVoc’s Information Security Department below.
Related articles
Microsoft SharePoint Exploit Alert: On-Premises Servers at Risk
Learn about the latest actively exploited vulnerabilities affecting SharePoint Server 2016, 2019, and Subscription Edition & how to protect your environment.
Business Email Compromise: Top BEC Tactics & How to Protect Against Them
We take a look at Business Email Compromise, including common BEC tactics and what your business can do to protect against them.
FFIEC CAT Sunset: Why the CRI Profile is a Strong Alternative
With the FFIEC CAT sunset approaching, we explore why the CRI Profile is a strong alternative to the CAT for financial institutions!