Yesterday, on May 31, 2017, the Federal Financial Institution Examination Council (FFIEC), issued an update to the Cybersecurity Assessment Tool (often recognized as “the CAT” throughout our industry). The update specifically ties and maps the CAT to the updated FFIEC Examination Handbook, focusing on the recently improved Information Security and Management booklets. Additionally, the updates to the assessment tool allow for enhanced response criteria when performing the self-assessment. The CAT now permits responders to enter supplementary or complementary behaviors, or overarching controls. In other words, additional strong practices, processes, and IT general controls that the financial institution has in place to strengthen its security posture can be taken into account when attempting to establish inherent risk and maturity ratings.
You also might be interested in
What is Dark Web Monitoring? In today’s online-focused world, the dark web looms as a[...]
Three points of focus for ALL managers These days it[...]
National Dapper Your Data Day: Tips for Data Management and[...]