One way you can accomplish all three objectives – determine your cyber risk, identify inherent risks, and gauge your cybersecurity preparedness – is to use the Federal Financial Institutions Examination Council's Cybersecurity Assessment Tool.
The FFIEC members developed the Assessment to help financial institution management determine the institution’s risk profile, inherent risks and cybersecurity preparedness. The Assessment provides a repeatable and measurable process that your firm may use to measure cybersecurity preparedness over time.
The first part of the Assessment is to determine your inherent risk profile. Inherent risk takes into account the type, volume, and complexity of an institution's operations and the threats directed at your institution, but it does not include mitigating controls. The risk profile will help management determine how your activities, services, and products – both individually and collectively – expose your organization to risk.
Part 2 of the tool relates to Cybersecurity Maturity – it is designed to help management measure your organization's level of risk and corresponding controls. Cybersecurity maturity includes statements to determine whether an institution's behaviours, practices, and processes can support cybersecurity preparedness. Use of this tool is of course voluntary, and you may choose to use the Assessment, another framework, or a different risk assessment process altogether.
Attend this webinar to determine whether your bank is a sitting duck for cyber crime. You will discover numerous methods to identify your organization's inherent risk and cybersecurity preparedness, and mitigate the risk of cyber threats.
-----------------------------
Learn more about Carly Souther's webinar 10 Steps to Cybersecurity Continuity & Compliance
U.S. Community Banks are Sitting Ducks for Cyber Crimes
Question:
How can I determine my bank's cyber risk, inherent risks to my institution, and measure our cybersecurity preparedness profile?