Tag Archive

The FFIEC released an update the the Cybersecurity Assessment Tool.  This update to the Assessment addresses changes to the FFIEC IT Examination Handbook by providing a revised mapping in Appendix A to the updated Information Security and Management booklets. The updated Assessment will also provide additional response options, allowing financial institution management to include supplementary or complementary behaviors, practices and … Read More

On March 24, the DCU published bulletin B-17-09 regarding the NASCUS Cybersecurity Symposium June 5-6 in San Diego, CA.  The bulletin is reprinted below. NASCUS Cybersecurity Symposium, June 5-6, 2017 Make plans to attend the NASCUS Cybersecurity Symposium San Diego, CA Division of Credit Unions (DCU) encourages credit unions to continue training on cybersecurity. While there are many resources available … Read More

The FFIEC released a Frequently Asked Questions Guide related to the Cybersecurity Assessment Tool (CAT). The FFIEC published the Cybersecurity Assessment Tool in June of 2015 as a voluntary tool to help financial institutions’ management identify risk and determine their cybersecurity preparedness. The CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity preparedness … Read More

The Federal Financial Institutions Examination Council (FFIEC) has revised the “Information Security” booklet of the FFIEC Information Technology Examination Handbook (IT Handbook). The “Information Security” booklet is one of 11 that make up the IT Handbook. The revised “Information Security” booklet provides guidance to examiners and addresses factors necessary to assess the level of security risks to a financial institution’s information systems. … Read More

The Federal Financial Institutions Examination Council (FFIEC) members today advised financial institutions, consistent with existing regulatory expectations, to actively manage the risks associated with interbank messaging and wholesale payment networks. In a statement, the FFIEC also stressed that financial institutions should review risk-management practices and controls related to information technology systems and wholesale payment networks, including risk assessment; authentication, authorization … Read More

On December 18, 2015, Congress passed and President Obama signed into law the Cybersecurity Information Sharing Act of 2015, which is designed to increase cybersecurity information sharing between the private sector and the Federal Government. The Act provides various protections to non-federal entities that share cyber threat indicators or defensive measures with the Federal Government. DHS’s Automated Indicator Sharing (AIS) … Read More

The FDIC’s Winter 2015 Supervisory Insights includes an article on framework for cybersecurity.  With cybersecurity being a focus for both the NCUA and the DFI in 2016 exams, along with the risks associated with cyber threats, the article is a good read for credit unions (even if it is published by the competition). The article describes the evolving cyber threat … Read More