http://www.bankinfosecurity.com/ffiec-plans-cybersecurity-assessments-a-6825
By Jeffrey Roman
Bank Info Security
May 8, 2014
The Federal Financial Institutions Examination Council is planning
cybersecurity vulnerability and risk-mitigation assessments to help
smaller banking institutions address potential gaps. The effort is
expected to begin later this year.
The assessments will help FFIEC member agencies, such as the Office of the
Comptroller of the Currency and the Federal Deposit Insurance Corp., make
informed decisions about the state of cybersecurity at community
institutions, address gaps and prioritize necessary actions to strengthen
supervisory programs, the FFIEC says in a May 7 statement.
The FFIEC's announcement came a day before Thomas Curry, Comptroller of
the Currency and chairman of the FFIEC, delivered a speech at the Risk
Management Association's Governance, Compliance and Operational Risk
Conference that included a reference to new cybersecurity examination
procedures the OCC expects to pilot later in the summer.
"To be managed properly, operational risk issues must be viewed in terms
of their impact on the entire enterprise, not merely as - to use
cybersecurity as an example - an IT Issue," Curry says. "That requires a
fully integrated and comprehensive approach to risk management, which is
exactly what the OCC's heightened expectations are intended to achieve."
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
