On September 9, 2016, the Federal Financial Institutions Examination Council (FFIEC) released a revision of its IT Booklet on Information Security. In line with previous updates made by the FFIEC, the goal of the revision is to better standardized measures for determining, assessing, and manage risks to information technology solutions. The updates reduced redundancies, incorporated relevant cybersecurity language, and re-emphasized risk management as a program and process to be developed, implemented, and maintained. Also included is revised examination procedures, to again increase standardization, of risk management program evaluation amongst auditors and Federal examiners. The FFIEC continues to leverage the NIST Cybersecurity Framework as it did when developing and adopting the Cybersecurity Assessment Tool (CAT).
Questions or concerns about how these latest updates will impact your Compliance and Information Security programs? Contact GraVoc’s Information Security Department below.
Related articles
The NSA Cybersecurity Guide for Remote Workers
In this blog post, we cover a few key recommendations for remote workers from the NSA guide, ‘Best Practices for Securing Your Home Network.’
GraVoc Recognized on CRN’s 2023 MSP 500 List
CRN®, a brand of The Channel Company, has named GraVoc to its Managed Service Provider (MSP) 500 list in the Pioneer 250 category for 2023!
The Cybersecurity Implications of ChatGPT
Is ChatGPT a security risk? In this blog post, we explore the cybersecurity implications of ChatGPT, including the benefits and challenges.