The FFIEC Cybersecurity Assessment Tool (CAT) is a diagnostic test that helps institutions identify their risk level and determine the maturity of their cybersecurity programs. The FFIEC's tool measures risk levels across several categories, including delivery channels, connection types, external threats, and organizational characteristics.
The FFIEC recommends that financial firms:
· Determine target maturity levels to ensure they align appropriately with the level of risk.
· Conduct a gap analysis to drive process improvements based on the current vs. targeted maturity level.
OCC Bulletin 2016-27 announces that the Federal Financial Institutions Examination Council has revised the "Information Security" booklet of the FFIEC Information Technology Examination Handbook. The revised booklet provides guidance to examiners, addresses factors necessary to assess the level of security risks to a financial institution's information systems, and helps examiners evaluate the
FFIEC Handbooks & Preparing for Third-Party Risk Audits | Prevalent
Agencies that make up the FFIEC prescribe best practices and a standardized approach for all field examiners conducting audits. Financial institutions should use these as a blueprint when preparing for an examination.
On June 30th, the Federal Financial Institutions Examination Council (FFIEC) [1] published the Architecture, Infrastructure, and Operations (AIO) booklet of its Information Technology Examination Handbook to replace the Operations booklet issued in 2004. The AIO booklet covers a much wider breadth of topics than the Operations booklet, including evolving technology, such as cloud computing
The FFIEC has issued the new "Architecture, Infrastructure, and Operations" booklet of the FFIEC Information Technology Examination Handbook. The examination procedures in this booklet help examiners evaluate an institution's controls and risk management processes relative to the risks of technology systems and operations that reside in, or are connected to, the institution.
Risk assessments can assist in determining the likelihood and impact of identified risks and/or vulnerabilities affecting an organization.
D1.TC.Tr.B.2 Annual information security training includes incident response, current cyber threats (e.g., phishing, spear phishing, social engineering, and mobile security), and emerging issues.
The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions. It also conducts schools for examiners employed by the five federal member agencies represented on the FFIEC and makes those schools available to employees of state agencies that supervise financial institutions.
As for the execution of the assessment, Tevora will review your environment and documentation and interview your staff to determine areas of information security risk in the context of your institution's inherent and residual risk profile. The risk assessment will be documented in a report that provides information and context for identified risks and recommendations for risk treatment.
© 2024 Created by XLFD. Powered by