With the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council (FFIEC) created the Cybersecurity Assessment to help institutions identify their risks and determine their cybersecurity maturity.
The content of the Assessment is consistent with the principles of the FFIEC Information Technology Examination Handbook (IT Handbook) and the National Institute of Standards and Technology (NIST) Cybersecurity Framework, as well as industry-accepted cybersecurity practices.
The Assessment provides institutions with a repeatable and measurable process to inform management of their institution’s risks and cybersecurity preparedness. The Assessment consists of two parts: Inherent Risk Profile and Cybersecurity Maturity. The Inherent Risk Profile identifies the institution’s inherent risk before implementing controls. The Cybersecurity Maturity includes domains, assessment factors, components, and individual declarative statements across five maturity levels to identify specific controls and practices that are in place. While management can determine the institution’s maturity level in each domain, the Assessment is not designed to identify an overall cybersecurity maturity level.
SECURITY
Firewalls
Intrusion detection
Multi-factor authentication
Availability
Performance monitoring
Disaster recovery
Incident handling
Encryption
Access controls
Firewalls
Quality assurance
Process monitoring
Access Control
Multi-factor authentication
Encryption
A cybersecurity risk assessment identifies the various information assets that could be affected by a cyber-attack and then identifies the various risks that could affect those assets.
Is the regulator process of assessing third-party vendors that focuses on identifying and reducing risks relating to the use of third parties (sometimes referred to as vendors, suppliers, partners, contractors, or service providers).
Cloud and SaaS risk management, along with controls involving security and regulatory compliance, continue to be major concerns.
In less than 30 minutes, you can see why customers and MSSPs are choosing our purpose-built SaaS software to achieve assessments for FFIEC.