Yesterday, on May 31, 2017, the Federal Financial Institution Examination Council (FFIEC), issued an update to the Cybersecurity Assessment Tool (often recognized as “the CAT” throughout our industry). The update specifically ties and maps the CAT to the updated FFIEC Examination Handbook, focusing on the recently improved Information Security and Management booklets. Additionally, the updates to the assessment tool allow for enhanced response criteria when performing the self-assessment. The CAT now permits responders to enter supplementary or complementary behaviors, or overarching controls. In other words, additional strong practices, processes, and IT general controls that the financial institution has in place to strengthen its security posture can be taken into account when attempting to establish inherent risk and maturity ratings.
You also might be interested in
In an era where cybersecurity threats are constantly evolving, maintaining[...]
Working in #cybersecurity and especially in a #vCISO role certainly[...]
HITRUST Security Framework (CSF), a powerful tool that can streamline[...]