Interagency council releases cybersecurity tool for banks

An interagency council made up of five banking regulators, including the Federal Reserve Board of Governors, released a tool to help financial institutions assess their cybersecurity posture.

The Federal Financial Institutions Examination Council’s tool helps businesses that conduct transactions like investments, loans and deposits determine what cybersecurity risks they face and how strong their safeguards are.

The council, which also includes the Federal Deposit Insurance Corp., National Credit Union Administration, Office of the Comptroller of the Currency and the Consumer Financial Protection Bureau, has been working on the tool for more than a year after launching a pilot in June 2014 for 500 member institutions.

Built using NIST’s cybersecurity framework, the tool calls for financial institutions to take an enterprisewide approach to instilling cybersecurity in their organizations. In particular, it emphasizes the need to re-evaluate the company’s posture whenever a product, service or initiative is launched.

The first part of the assessment asks companies to examine the risk associated with technologies and connection types, delivery channels, online and mobile-based products, organizational characteristics, and external threats. The second part is dedicated to measuring the following areas: cyber risk management and oversight, threat intelligence and collaboration, cybersecurity controls, external dependency management, and cyber incident management and resilience.

The council hopes the toolkit helps institutions determine how they need to grow their defenses as their business changes. A user guide published with the toolkit stressed that security assessments are not a one-time measure but need to be done continuously.

‘An institution’s inherent risk profile and maturity levels will change over time as threats, vulnerabilities, and operational environments change,’ the guide reads. ‘Thus, management should consider reevaluating its inherent risk profile and cybersecurity maturity periodically and when planned changes can affect its inherent risk profile.’

Banks have been targeted in a wave of cyber attacks in America in the past year. In October, JPMorganChase reported it had a breach that affected 76 million households and 7 million small businesses.

Visit the council’s website to find the toolkit, or watch a video on the tool below.

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.
