|For Immediate Release||September 9, 2016|
Financial Regulators Release Revised Information Security Booklet
The Federal Financial Institutions Examination Council (FFIEC) members today issued a revised Information Security booklet, which is part of the FFIEC Information Technology Examination Handbook (IT Handbook).
The revised booklet addresses the factors necessary to assess the level of security risks to a financial institutionís information systems. The booklet also helps examiners evaluate the adequacy of the information security programís integration into overall risk management.
The Information Security booklet describes effective information security program management, including the following phases of the life cycle of information security risk management:
The booklet provides an overview of information security operations, including the need for effective (1) threat identification, assessment, and monitoring and (2) incident identification, assessment and response. It discusses methods to achieve and assess information security program effectiveness, including assurance and testing. It also incorporates cybersecurity concepts, such as threats, controls, and resource requirements for preparedness. The booklet contains updated examination procedures to help examiners measure the adequacy of an institutionís culture, governance, information security program, security operations, and assurance processes.
The IT Handbook is available at http://ithandbook.ffiec.gov/.
The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions. It also conducts schools for examiners employed by the five federal member agencies represented on the FFIEC and makes those schools available to employees of state agencies that supervise financial institutions. The Council consists of the following six voting members: a member of the Board of Governors of the Federal Reserve System; the Chairman of the Federal Deposit Insurance Corporation; the Director of the Consumer Financial Protection Bureau; the Comptroller of the Currency; the Chairman of the National Credit Union Administration; and the Chairman of the State Liaison Committee.