FFIEC Issues New Info Security Handbook

The Federal Financial Institutions Examination Council (FFIEC), of which NCUA is a member, has issued a revised Information Security booklet, which is part of the FFIEC Information Technology Examination Handbook (IT Handbook).

The new booklet helps assess the level of security risks to a financial institution’s information systems, and helps examiners evaluate the adequacy of the information security program’s integration into overall risk management. The booklet describes effective information security program management, including:
  • Risk identification
  • Risk measurement
  • Risk mitigation
  • Risk monitoring and reporting
The booklet provides an overview of information security operations, including the need for effective:
  • threat identification, assessment, and monitoring
  • incident identification, assessment, and response
It outlines methods to assess information security program effectiveness, including assurance and testing, and incorporates cybersecurity concepts. It also measures the adequacy of an institution’s culture, governance, information security program, security operations, and assurance processes.
The revised FFIEC booklet is available at http://ithandbook.ffiec.gov/ 
