FFIEC’s Seven Cybersecurity Priorities for 2015

McGuireWoods LLP

While others were waiting for spring to arrive, community bank officers and directors were waiting for the Federal Financial Institutions Examination Council (FFIEC) to provide additional guidance on its cybersecurity assessment program. On March 17, 2015, FFIEC provided an overview of its cybersecurity priorities for the remainder of 2015. FFIEC’s priorities include seven workstreams based on FFIEC’s cybersecurity work program (Cybersecurity Assessment) conducted at over 500 community banks in the summer of 2014. FFIEC’s top priority for 2015 is the development and issuance of a self-assessment tool that financial institutions can use to evaluate their readiness to identify, mitigate and respond to cyber threats. Consistent with the general observations of the Cybersecurity Assessment, FFIEC will evaluate community bank cyber incident analysis, crisis management, training, and policy development and expand its focus on technology service providers’ cybersecurity preparedness. FFIEC will also improve its collaboration with other agencies and communicate the importance of cybersecurity awareness and best practices among financial industry participants and regulators.

FFIEC’s seven cybersecurity priorities for 2015 are:

  • Cybersecurity Self-Assessment Tool—FFIEC plans to issue a self-assessment tool this year to assist institutions in evaluating their inherent cybersecurity risk and their risk management capabilities.
  • Incident Analysis—Bank regulators will enhance their processes for gathering, analyzing, and sharing information with each other during cyber incidents.
  • Crisis Management—FFIEC will align, update, and test emergency protocols to respond to system-wide cyber incidents in coordination with public-private partnerships.
  • Training—FFIEC will develop training programs for bank examiners on evolving cyber threats and vulnerabilities.
  • Policy Development—FFIEC will update and supplement its Information Technology Examination Handbook to reflect rapidly evolving cyber threats and vulnerabilities with a focus on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, external dependency management, and incident management and resilience.
  • Technology Service Provider Strategy—Bank regulators will expand their focus on third-party relationships, including technology service providers’ ability to respond to growing cyber threats and vulnerabilities.
  • Collaboration with Law Enforcement and Intelligence Agencies—FFIEC will build upon existing relationships with law enforcement and intelligence agencies to share information on the growing cybersecurity threats and response techniques.

Additionally, FFIEC is expected to continue to publish statements and alerts regarding cyber threats and vulnerabilities.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McGuireWoods LLP | Attorney Advertising
