FFIEC’s Cybersecurity Assessment Tool for Cybersecurity Preparedness: What Your Firm Needs to Know in 2016
Financial institutions increasingly are dependent on sophisticated information technology and advanced telecommunications to provide their services and to do business. Any disruption or unauthorized alteration of data, systems, and information can affect their operations, security, and legal liability.
In light of the increasing number, frequency, and sophistication of cyber threats, the Federal Financial Institutions Examination Council (FFIEC) in June 2015 released a model Cybersecurity Assessment Tool (CAT) to help banks and other financial institutions identify, assess, and mitigate their cybersecurity preparedness, and to complement their existing risk management and cybersecurity programs. Much of this advice is based upon the National Institute of Standards and Technology's (NIST) 2014 Cybersecurity Framework. The FFIEC is an inter-agency organization prescribing and setting uniform principles, standards, and reports for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Consumer Financial Protection Bureau, the National Credit Union Administration, and others.
By measuring 39 cybersecurity risk factors based on the complexity, type, 'maturity', and volume of service, the CAT enables determination of inherent relative cybersecurity risk by 'gap analysis'. The FFIEC stresses the importance of involving senior board directors, corporate officials, and other staff in the assessment and mitigation process. The FFIEC's Cybersecurity and Critical Infrastructure Working Group also wants to enhance cooperation with other institutions, government agencies, and the private sector, while augmenting employee training and regulatory examination procedures.
However, the FFIEC's attempt to quantify cyber risk is considered oversimplified by some critics, and complicating a single 'tool's' effectiveness is the fact that relative cybersecurity risks will vary greatly between and even within organizations.
The Knowledge Group is hosting a LIVE Webcast on the FFIEC's Cybersecurity Assessment Tool. Speakers will review and discuss the main features of the CAT model and suggest how your organization can assess relative risk and develop Robust Cybersecurity Preparedness in 2016. Speakers will provide insight and advice into the most critical security and regulatory issues addressed in the model.
Some of the major topics that will be covered in this course are:
- FFIEC's Cybersecurity Assessment Tool - An Overview
- Cybersecurity Risk Management and Oversight
- Threat Intelligence and Collaboration
- Cybersecurity Controls
- External Dependency Management
- Cyber Incident Management and Resilience
- Role of Boards of Directors and CEOs
- CAT - Inherent Risk Profile
- CAT - Cybersecurity Maturity
- Enforcement and Implementation
- Implications for Financial Institutions
- Future Legal Challenges
- Compliance Risks
- Targets constantly moving
- Connect the dots between relevant threats and what you need to spend cycles on (assess risk and decide what's relevant)
- Checking the box (Compliance) must be done, but it is not the same as threat intelligence, controls and countermeasures
- What realistically can be done because resources limit how much/what can be done from a security perspective
Watkins Consulting, Inc.
- Perspective on FFIEC voluntary cyber assessment tool and its relationship to the NIST Framework for improving critical infrastructure cybersecurity
- Relationship of cyber maturity and risk
- Implementation recommendations
Apple Federal Credit Union
- FFIEC tool valuable as a method for leading an organization where it needs to be
- Putting FFIEC into real terms - applying lessons learned
- Threat intelligence as a key component of informing your security program and risk assessment (Domains 1 (risk assessment) and 2 (threat intel) of FFIEC)
Who Should Attend:
- Board Members
- Chief Executive Officers
- Chief Financial Officers
- Senior Managers
- Financial Officers
- Information Technology and Network Managers
- In-house Counsel
- Litigation Attorneys
- Risk Assessment Managers
- Regulatory Compliance Officers
- Cyber Security Professionals
- Other Interested Professionals
Tim Layton is a cybersecurity professional with over 25 years of experience, having worked as a trusted advisor to some of the world's leading public and private organizations. Mr. Layton is widely regarded for his strategic and innovative approach to developing enterprise cybersecurity and risk management strategies, programs, and processes to combat the ever-changing cyber threat landscape and associated risks facing organizations.
Before joining SurfWatch Labs as the Chief Intelligence Officer, Mr. Layton held senior leadership roles with Cisco, EMC, and Wells Fargo. At Cisco, he was a Principal for Cisco’s Global Enterprise Cybersecurity Theatre. Mr. Layton was a Principal for EMC’s Security & Risk Management practice and before that served as Vice President for Wells Fargo where he specialized in enterprise cyber risk across all business units and third-party risk management.
Mr. Layton received an MBA and BA from Lindenwood University in St. Louis, and has earned a wide variety of security-related certifications over the years, including CISSP, SANS GSEC, GCIH, GCFW, GREM, ECNE, CCNA, SCO ACE, and MCSE.
Mr. Johnston is an advocate for solving business problems with cost-effective information technology. Throughout his 25 years of technology development for organizations ranging from start-ups to General Electric, working both internally and as a consultant, Mr. Johnston has made businesses work better. He is able to combine a technical understanding with a management perspective to create data-driven, real-world recommendations designed to improve information systems from operations through governance. Mr. Johnston believes that successful transformations are those where the process becomes easier. Currently, Mr. Johnston is focused on helping financial institutions and small businesses create or improve their cybersecurity governance practices through the use of NIST and FFIEC metrics. He has designed governance tools and is certified in Cyber Rx to help firms confront the complexity of cybersecurity. Mr. Johnston is a graduate of MIT and American University.
Larry Larsen is a former cyber security contractor for the U.S. Government, bringing close to 20 years of experience in mission security, counterintelligence, network incident response, digital forensics, technical management, strategic planning, and business development. He has received numerous awards and commendations for his work in these areas.
He has documented success in Program Management, with extensive knowledge of Information Technology and security systems, Help Desk operations, implementation of Enterprise security protocols and services, and development of effective policies and procedures, including enterprise Policies, CONOPs, Standard Operating Plans, and System Security Plans for individual mission areas.
Mr. Larsen also has extensive experience in Security Operations Center and Network Operations Center management and operations, cyber counterintelligence operations, and development and presentation of training programs in cyber security, counterintelligence, and insider threat detection.
In addition to his work with the Government, he has been an independent consultant to cyber security small businesses, providing valuable advice and input in business development, strategic planning, and proposal development.
He has been a consultant for Federal Law Enforcement cyber behavioral analysis programs, providing advice on criminal and counterintelligence cases involving malicious use of computer systems by criminal and state-sponsored threat actors, and has been a Training Consultant for the FBI Counter Intelligence Training Center.
Mr. Larsen is a Certified Expert Witness in forensic computer investigation, providing testimony in numerous cases in both local and Federal matters.
About SurfWatch Labs
SurfWatch Labs helps organizations and service providers quickly establish a strategic cyber threat intelligence operation that drives more effective use of their tactical defenses.
Founded in 2013 by former US Government intelligence analysts, SurfWatch Labs solutions provide a 360-degree view of cyber threats in the context of your business, along with practical and personalized support to create immediate insights and meaningful action. Combining useful analytics, applications and human expertise, SurfWatch solutions can be your off-the-shelf, cyber threat intelligence team or delivered as a comprehensive product suite that easily integrates with your existing cybersecurity operations.
SurfWatch Labs: Cyber In Sight. For more information, visit www.surfwatchlabs.com.
About Watkins Consulting, Inc.
Watkins Consulting is a management consulting firm specializing in accounting, regulatory compliance and risk management. Watkins Consulting offers a suite of cybersecurity risk mitigation tools including NIST and FFIEC cybersecurity evaluations, penetration testing, network analysis and breach remediation. Watkins has 25+ years in regulatory compliance and risk management in the financial industry, a staff of industry experts with public trust clearances, and vetted technical partners who are ready to work to improve Watkins’ clients’ cybersecurity sophistication. Watkins Consulting currently provides services to both government and private sector entities.
About Apple Federal Credit Union
In 1956, a group of educators working within the Fairfax County Public School system came together to assist a colleague in purchasing a set of car tires. This seemingly simple act, though these 10 teachers could not have known it at the time, planted the seeds for a partnership that would span half a century and serve thousands of members in the pursuit of an improved life, through education and/or the achievement of dreams. Now over $2 billion in total assets with 22 branches, Apple FCU continues this tradition of service with a full range of high-quality, low-cost financial products and services designed to help members achieve their financial goals.