October is National Cyber Security Awareness Month (NCSAM) – targeted to educate banking customers. The Homeland Security website states, “NCSAM is designed to engage and educate public and private sector partners through events and initiatives.”
Community banks are using this annual campaign as an opportunity to demonstrate measures they are taking to safeguard customer data, which makes it a good time to review some of the ABCs of regulatory compliance and resources.
“The smartest banks will show how security is at the heart of their online operations in order to build confidence and trust amongst existing customers, while at the same time attracting new ones,” according to NTT Security.
How do you work through the maze of laws and regulations such as Sarbanes-Oxley, GLBA, OCC and FDIC, just to name a few? Many community banks find the FFIEC (Federal Financial Institutions Examination Council) to be an important resource. The FFIEC describes its role as “a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions”. The council members are:
FRB (Board of Governors of the Federal Reserve System)
FDIC (Federal Deposit Insurance Corporation)
NCUA (National Credit Union Administration)
OCC (Office of the Comptroller of the Currency)
CFPB (Consumer Financial Protection Bureau)
The FFIEC Cybersecurity Assessment Tool is a valuable resource for financial institutions to assess their own risk and develop an overall Cybersecurity strategy and plan.
The tool is designed to provide a measurable and repeatable process to measure an institution’s level of cybersecurity risk and preparedness. First, it offers a framework to identify risks. After creating an “Inherent Risk Profile”, the tool assists the user in determining the level of solution maturity and recommends actions within each of the following five domains:
Cyber Risk Management and Oversight
Threat Intelligence and Collaboration
External Dependency Management
Cyber Incident Management and Resilience
At Great Bay Software, we focus on providing solutions that fall within the “Cybersecurity Controls” domain.
I’m interested in learning if and how you use the FFIEC Assessment Tool, and the results you are achieving. Please comment below or contact me at email@example.com.
Welcome to the New Year. From all of us at Great Bay Software, we wish you a safe and secure 2017. With recent news filled with stories of hacking by government actors, the prevention of cyberattacks...