FFIEC Cyber Security Assessment Tool (Assessment) for Financial Institutions: What You Need to Know in 2016 and Beyond
In June 2015, the Federal Financial Institutions Examination Council (FFIEC) issued its Cyber Security Assessment Tool (the "Assessment") to help financial institutions evaluate their cyber security risk, their preparedness, and their ability to mitigate that risk.
The Assessment has two parts. The first, the Inherent Risk Profile, scores an institution across five risk categories: technologies and connection types; delivery channels; online and mobile products and technology services; organizational characteristics; and external threats. The second, the Cyber Security Maturity assessment, rates the institution at one of five maturity levels (baseline, evolving, intermediate, advanced, and innovative) across five domains: cyber risk management and oversight; threat intelligence and collaboration; cyber security controls; external dependency management; and cyber incident management and resilience. The Assessment incorporates cyber security principles drawn from the FFIEC Information Technology Examination Handbook.
Understanding each of these components can be a challenge not only for the uninitiated but also for the seasoned veteran. This webcast explains which tools work best for addressing each of the five risk categories, recognizing that one size does not fit all. It also discusses the importance of sound data governance: how such practices improve an organization's security footprint and deliver practical compliance, something that is sometimes overlooked when policies are written merely to satisfy a standard. As these standards become more important to regulators, courts, and business partners alike, understanding the why, what, and how will be essential.
Key topics include:
- Cyber Security Assessment Tool (Assessment): An Overview
- Inherent Risk Profile
- Evaluation of Cyber Security Maturity
- Five Risk Categories
  - Technologies and Connection Types
  - Delivery Channels
  - Online and Mobile Products & Technology Services
  - Organizational Characteristics
  - External Threats
- Five Domains
  - Cyber Risk Management and Oversight
  - Threat Intelligence and Collaboration
  - Cyber Security Controls
  - External Dependency Management
  - Cyber Incident Management and Resilience
- Implementation Issues
  - Possible Legal Challenges
  - Regulatory Issues
  - Effects and Implications for Financial Institutions
King and Spalding
- The background of the tool
- Placeholder for discussion of aspect(s) of tool
- Regulatory examinations and enforcement actions
Troutman Sanders LLP
AHoy & Associates/ ISSA/ Financial SIG
- The components of a comprehensive information security program. The FFIEC Assessment is one piece of a comprehensive information security program for financial institutions, not a substitute for one.
- The need for practical, measurable, and repeatable standards. The Assessment should be repeated whenever there is a change in business operations, so that the institution can evaluate how the change affects its cyber security risk profile and maturity level. Policies should be written so they are easily understood and followed and reflect the practical reality of the business operation. Sound information governance practices and the role of the CISO.
- Regulatory examination and litigation standards, and the benefits of adopting commercially reasonable information security standards, with Wyndham Worldwide (compliance with PCI DSS) as an example. The Federal Reserve Board has indicated that it will use the FFIEC Assessment in its examination process, and the FDIC will address use of the tool during its examinations.
Who Should Attend:
- Financial Lawyers
- Financial Institutions
- Top Level Management
- Financial and Executive Directors
- Chief Financial Officers
- Financial Officers
- In-house Counsel
- Regulatory and Compliance Personnel
- Senior Financial Professionals
- Cyber Security Professionals
- Other Interested Professionals
Kyle Sheahen is an associate in the Special Matters/Government Investigations Practice Group in King & Spalding's New York office. Mr. Sheahen's practice focuses on white-collar criminal defense litigation, federal and state government investigations, corporate internal investigations, and the establishment of corporate compliance programs. His experience includes investigations by the Department of Justice, the Securities and Exchange Commission, and the United States Senate.
Ron Raether is a partner in the Cybersecurity, Information Governance and Privacy, and Financial Services Litigation practices at Troutman Sanders. Ron is known as an interpreter between the business and information technology, guiding both sides to the best result. In this role he has assisted companies in navigating federal and state privacy laws for almost twenty years. His experience with technology-related issues, including data security, patent, antitrust, licensing, and contracts, brings a fresh and creative perspective to novel data compliance issues. Ron has been involved in seminal data compliance cases, assisting one of the first companies required to give notice of a data breach and successfully defending companies in over 50 class actions. He has also represented companies in over 200 individual FCRA cases involving CRAs, resellers, furnishers, users, and public record vendors, and has developed a reputation for assisting companies not traditionally viewed as subject to the FCRA, or with FCRA compliance questions where the law remains uncertain or unresolved.
Ron not only works with companies that have experienced unauthorized access to consumer data or have been named as defendants in class actions and before regulators, but also advises companies on developing compliance programs to address these issues proactively. A thought leader, Ron speaks nationally and publishes frequently on cutting-edge compliance issues. He is also a Certified Information Privacy Professional.
Andrea Hoy is the founder of A. Hoy & Associates, which specializes in providing virtual CISO services to companies in transition, to startups, and to organizations that simply need deep cyber security expertise to handle and fix issues. She is actively involved in the cyber community as International President of the Information Systems Security Association (ISSA), the community of choice for international cyber security professionals dedicated to advancing individual growth, managing technology risk, and protecting critical information. ISSA represents over 10,000 security professionals worldwide, with 137 chapters in 71 countries. Ms. Hoy recently chartered the ISSA Financial SIG, which is open to anyone with an interest in this area and is actively building relationships with the community, both law enforcement and industry. Her leadership roles have included positions at McDonnell Douglas, Rockwell, Boeing NA, Fluor, and a $10 billion credit union.
About King and Spalding
Celebrating more than 130 years of service, King & Spalding is an international law firm that represents a broad array of clients, including half of the Fortune Global 100. The firm’s practice spans the full range of litigated, regulatory and transactional work, with substantial expertise in antitrust, energy, environmental, finance, financial restructuring, government advocacy and public policy, healthcare, intellectual property, international arbitration, government investigations, international trade, life sciences, mergers and acquisitions, private equity, project development, real estate, tax and tort matters.
About Troutman Sanders LLP
Founded in 1897, Troutman Sanders LLP is an international law firm with more than 600 lawyers practicing in offices located throughout the United States and Asia. The firm’s clients range from large multinational corporations to individual entrepreneurs and reflect virtually every sector and industry. The firm’s heritage of extensive experience, exceptional responsiveness and an unwavering commitment to service has resulted in strong, long-standing relationships with clients across the globe. In recognition of the firm’s strong service culture, Troutman Sanders has been on the BTI Client Service A-Team for 11 consecutive years.
About AHoy & Associates/ ISSA/ Financial SIG
A. Hoy & Associates (AHA) is an information security consulting firm established to provide essential information security expertise on immediate and specific security matters. Its specialty is providing seasoned CISOs who deliver "virtual CISO" expertise to companies that need assistance, are in the middle of a turnover, or simply need additional C-level staffing to address an urgent matter or effort. Other services range from a quick policy review to wireless vulnerability risk assessments, computer forensics and investigations, senior management briefings, and help developing a complete information security strategic plan customized to the company's culture, delivered quickly, efficiently, and with the utmost discretion.