We use cookies to improve your experience and optimize user-friendliness. Read our privacy policy for more information on the cookies we use and how to delete or block them. To continue browsing our site, please click accept.
VIEWpoint Issue 1 | 2023
2023 Compliance Trends: Staying Ahead in an Evolving Regulatory E...
2023 Tax Calendar
The Federal Financial Institutions Examination Council (FFIEC) recently released an update to the Cybersecurity Assessment Tool (Assessment). This update to the Assessment addresses changes to the FFIEC IT Examination Handbook by providing a revised mapping in Appendix A to the updated Information Security and Management booklets. The updated Assessment will also provide additional response options, allowing financial institution management to include supplementary or complementary behaviors, practices and processes that represent current practices of the institution in supporting its cybersecurity activity assessment.
The FFIEC members developed the Assessment to help financial institution management determine the institution’s risk profile, inherent risks and cybersecurity preparedness. The Assessment provides a repeatable and measurable process that financial institution management may use to measure cybersecurity preparedness over time. Use of the tool is voluntary, and financial institution management may choose to use the Assessment or another framework, or another risk assessment process to identify inherent risk and cybersecurity preparedness.
Management of financial institutions and management of third-party service providers are primarily responsible for assessing and mitigating their entities’ cybersecurity risk. Financial institutions can find the latest information about cybersecurity risk management on the FFIEC website. Want to know more about how to use this cybersecurity tool in your institution? Contact our financial institutions IT assurance advisors – they stand ready to answer your questions.
This publication is distributed for informational purposes only, with the understanding that Doeren Mayhew is not rendering legal, accounting, or other professional opinions on specific facts for matters, and, accordingly, assumes no liability whatsoever in connection with its use. Should the reader have any questions regarding any of the news articles, it is recommended that a Doeren Mayhew representative be contacted.
A quick registration is required to view our resources.
You will only be asked to do this one time (unless you don't save your browser cookies).