The FFIEC a press release March 17, 2015 announcing its Cybersecurity Priorities for 2015.

This combined with the new Appendix J should have all our teams focused on security issues and technology service providers for this year and the years to come. J

Happy St. Patrick’s Day!  

 http://www.ffiec.gov/press/pr031715.htm

FFIEC Focuses on Cybersecurity, Will Debut Self-Assessment Tool

The Federal Financial Institutions Examination Council (FFIEC) today provided an overview of its cybersecurity priorities for the remainder of 2015.

The priorities include seven workstreams that stem from last year’s pilot assessment of cybersecurity readiness at more than 500 financial institutions. The planned work includes the development and issuance of a self-assessment tool that financial institutions can use to evaluate their readiness to identify, mitigate and respond to cyber threats. The FFIEC also will enhance their incident analysis, crisis management, training, and policy development and expand their focus on technology service providers’ cybersecurity preparedness. Additionally, the FFIEC will continue to improve its collaboration with other agencies and communicate on the importance of cybersecurity awareness and best practices among financial industry participants and regulators.

Work is underway in the following workstreams:

•Cybersecurity Self-Assessment Tool—The FFIEC plans to issue a self-assessment tool this year to assist institutions in evaluating their inherent cybersecurity risk and their risk management capabilities.

•Incident Analysis—FFIEC members will enhance their processes for gathering, analyzing, and sharing information with each other during cyber incidents.

•Crisis Management—The FFIEC will align, update, and test emergency protocols to respond to system-wide cyber incidents in coordination with public-private partnerships.

•Training—The FFIEC will develop training programs for the staff of its members on evolving cyber threats and vulnerabilities.

•Policy Development—The FFIEC will update and supplement its Information Technology Examination Handbook to reflect rapidly evolving cyber threats and vulnerabilities with a focus on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, external dependency management, and incident management and resilience.

•Technology Service Provider Strategy—The FFIEC’s members will expand their focus on technology service providers’ ability to respond to growing cyber threats and vulnerabilities.

•Collaboration with Law Enforcement and Intelligence Agencies—The FFIEC will build upon existing relationships with law enforcement and intelligence agencies to share information on the growing cybersecurity threats and response techniques.

The FFIEC has published several resources to help financial institutions improve their cybersecurity, including additional information regarding the cybersecurity assessment conducted in 2014. They are available on the FFIEC website at http://www.ffiec.gov/cybersecurity.htm.