written by Chris Griesemer
The FDIC, with the help of the Federal Financial Institutions Examination Council (FFEIC), has created a Cybersecurity Assessment Tool to help financial institutions recognize and mitigate cybersecurity risk.
As of right now, the assessment tool is voluntary but I suspect as time goes on, not using this tool will be frowned upon.
The tool helps financial institutions identify an inherent risk profile and help management measure the level of risk and corresponding controls, otherwise referred to as Cybersecurity Maturity.
As banks are examined in the coming months, examiners will take that opportunity to explain the Assessment tool and the benefits of its implementation. If banks choose to implement, the FDIC is encouraging institutions to comment on the ease of use and the number of hours required to complete the assessment.
I have looked at the tool and believe it can help a bank identify and mitigate cybersecurity threats but it will take a serious effort to complete the assessment. For more information please don’t hesitate to contact Chris Griesemer 417-881-0145.