[ISN] FFIEC Plans Cybersecurity Assessments

http://www.bankinfosecurity.com/ffiec-plans-cybersecurity-assessments-a-6825

By Jeffrey Roman
Bank Info Security
May 8, 2014

The Federal Financial Institutions Examination Council is planning cybersecurity vulnerability and risk-mitigation assessments to help smaller banking institutions address potential gaps. The effort is expected to begin later this year.

The assessments will help FFIEC member agencies, such as the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp., make informed decisions about the state of cybersecurity at community institutions, address gaps and prioritize necessary actions to strengthen supervisory programs, the FFIEC says in a May 7 statement.

The FFIEC’s announcement came a day before Thomas Curry, Comptroller of the Currency and chairman of the FFIEC, delivered a speech at the Risk Management Association’s Governance, Compliance and Operational Risk Conference that included a reference to new cybersecurity examination procedures the OCC expects to pilot later in the summer.

“To be managed properly, operational risk issues must be viewed in terms of their impact on the entire enterprise, not merely as – to use cybersecurity as an example – an IT Issue,” Curry says. “That requires a fully integrated and comprehensive approach to risk management, which is exactly what the OCC’s heightened expectations are intended to achieve.”

[…]