new ffiec management guidancettsmedia.ttstrain.com/cunewffiecguide061516.pdf · 2.rating your...
TRANSCRIPT
![Page 1: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/1.jpg)
1
New FFIEC Management Guidance
JUNE 15, 2016
Dr. Kevin Streff
Founder: Secure Banking Solutions, LLC
www.protectmybank.com
Goals• Understand New FFIEC Management Guidance
◦ Governance
◦ Risk Management
◦ IT Risk Management
◦ Examination Procedures
• Answer Questions◦ Newly Integrated Cybersecurity Expectations
◦ Clarification around Chief Information Security Officer Role
◦ Direct Information Security Reporting to Board
◦ Executive Management Expectations
◦ IT Risk Assessment Process Overview
◦ Integration of IT into ERM
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 2
![Page 2: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/2.jpg)
2
Gramm‐Leach‐Bliley Act
• Management must develop a written information security program
• What is the “M” in the CAMEL rating?
• Don’t just do good security things, have a well managed program
• Don’t rely on individual heroism, have a well managed program
3
The Information Security Program is the way management demonstratesto regulators that information security is being managed at the credit union
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
Regulator Requirements: Gramm‐Leach‐Bliley Act
•Gramm‐Leach‐Bliley Act requires you to develop and implement an Information Security Program and conduct Risk Assessments◦ A comprehensive written information security program which defines administrative, technical, and physical safeguards that are appropriate given the size and complexity of a credit union’s operations and the nature and scope of its activities.
◦ Prior to implementing an information security program, a credit union must first conduct a risk assessment which entails:
◦ Identification of reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of member information or member information systems.
◦ Evaluation of the likelihood and potential damage from the identified threats, taking into account the sensitivity of the member information.
◦ Assessment of the sufficiency of the policies, procedures and member information systems in place to control the identified risks.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 4
![Page 3: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/3.jpg)
3
Layered Security Approach
5www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
6www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
![Page 4: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/4.jpg)
4
7www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 8
![Page 5: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/5.jpg)
5
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 9
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 10
![Page 6: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/6.jpg)
6
FFIEC IT Exam Handbook ‐Management
• Understand New FFIEC Management Guidance◦ Governance
◦ Risk Management
◦ IT Risk Management
◦ Examination Procedures
• Answer Questions◦ Newly Integrated Cybersecurity Expectations
◦ Clarification around Chief Information Security Officer Role
◦ Direct Information Security Reporting to Board
◦ Executive Management Expectations
◦ IT Risk Assessment Process Overview
◦ Integration of IT into ERM
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 11
I. Governance• BOD ‐ oversee
• Senior Management ‐ implement
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 12
Governance refers to how financial institutions manage and control their institution
Includes: • roles, • responsibilities, • processes, • tools, • authorities, • Accountabilities, and • monitoring
![Page 7: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/7.jpg)
7
IT Management• IT management is responsible for IT performance and
administering the day‐to‐day operation of an institution.
• IT management should perform the following: ◦ Implement IT governance.
◦ Implement effective processes for ITRM, including those that relate to cybersecurity.
◦ Review and annually approve processes for ITRM.
◦ Assess the institution’s inherent IT risks across the institution.
◦ Provide regular reports to the board on IT risks, IT strategies, and IT changes.
◦ Establish and coordinate priorities between the IT department and lines of business.
◦ Establish a formal process to obtain, analyze, and respond to information on threats and vulnerabilities by developing a repeatable threat intelligence and collaboration program.
◦ Ensure that hiring and training practices are governed by appropriate policies to maintain competent and trained staff.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 13
IT Responsibilities & Functions• An effective IT risk management structure.
• A comprehensive information security program.
• A formal project management process.
• An enterprise‐wide business continuity planning function.
• An accurate and timely process for information systems reporting.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 14
![Page 8: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/8.jpg)
8
II. Risk Management• Enterprise risk management
• Focuses primarily on operational risk
• Also deals with strategic, compliance and reputational risk as well
• Management should have a comprehensive view of operations and business processes and put in countermeasures to control the risk.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 15
III. IT Risk Management• Financial institution management should develop an
effective ITRM process that supports the broader risk management process. As part of the ITRM process, management should perform the following: ◦ Identify risks to information and technology assets within the financial institution or controlled by third‐party providers.
◦ Measure the level of risk. ◦ Mitigate the risks to an acceptable residual risk level in conformance with the board’s risk appetite.
◦ Monitor changing risk levels and report the results of the process to the board and senior management.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 16
![Page 9: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/9.jpg)
9
Risk Identification• Management should identify the risks associated
with the types of MFS being offered as part of the institution’s strategic plan.
• Management should incorporate the identification of risks associated with mobile devices, products, services, and technologies into the financial institution’s existing risk management process.
17www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
Risk Categories• Strategic
• Operational◦ Technology
◦ Mobile Web Site
◦ Mobile Application
◦ Mobile Payments
• Compliance
• Reputational
18www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
![Page 10: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/10.jpg)
10
Risk Measurement• Measuring the level & types
of risks involved in MFS.
• Measure potential risks across all risk categories.
• Determine likelihood & impact.
• Prioritize results to determine which controls may be appropriate.
• Ongoing and updated.
19www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
Risk Mitigation• Develop and implement policies and procedures.
• Audit coverage should include MFS
• Strategic risk mitigation
• Operational risk mitigation
• Reputational risk mitigation
• Compliance risk mitigation
20www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
![Page 11: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/11.jpg)
11
Risk Mitigation• Policies, Standards and Procedures
• Personnel
• Information Security
• Business Continuity
• Software Development and Acquisition
• IT Operations
• Insurance
• Vendor Management
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 21
Monitoring & Reporting• Financial institution management should have
appropriate performance monitoring systems for assessing whether the product or service is meeting operational expectations.
22www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
![Page 12: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/12.jpg)
12
Monitoring & Reporting• Include limits on the level of acceptable risk exposure
that management and the board are willing to assume.
• Identify specific objectives and performance criteria, including quantitative benchmarks for evaluating success of the product or service.
23www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
Monitoring & Reporting• Periodically compare actual results with projections
and qualitative benchmarks to detect and address adverse trends or concerns in a timely manner.
• Modify the business plan, when appropriate, based on the performance of the product or service. Such changes may include exiting the activity should actual results fail to achieve projections.
24www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
![Page 13: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/13.jpg)
13
Top Risk Assessment Products
25
Archer www.archer‐tech.com KansasbSECURE www.brintech.com Texas
CoNetrix www.conetrix.com Texas
Modulo www.modulo.com Seattle
Riskkey www.riskkey.com Texas
RiskWatch www.riskwatch.com Maryland
Scout www.locknet‐inc.com Wisconsin
TRAC www.tracadvantage.com South Dakota
WolfPAC www.wolfandco.com Maryland
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 26
![Page 14: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/14.jpg)
14
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 27
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 28
![Page 15: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/15.jpg)
15
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 29
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 30
![Page 16: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/16.jpg)
16
Cyber Risk Assessment
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 31
Overview
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 32
![Page 17: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/17.jpg)
17
FFIEC CA Tool (3 parts)
• Three (3) major components1. Rating your Inherent Risk for Cybersecurity
threats based on your size and complexity
2. Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity threats
3. Interpreting and analyzing your results by understanding how your Inherent Risk ties to your Cybersecurity Maturity, and where you SHOULD be regarding risk vs. maturity.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 33
Increasing Maturity
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 34
![Page 18: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/18.jpg)
18
SBS Cyber‐RISKtm Tool
• Goals of the FREE Cyber‐RISKtm tool:
1. Automate the Cybersecurity Assessment Tool
2. Save you from creating your own spreadsheet
3. Make your life easier and more efficient
4. Provide you with one‐click reports
5. Improve the process by tying the Inherent Risk and Cybersecurity Maturity processes together more intuitively
6. Access to your own personal Information Security Expert if you need us!
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 35
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 36
![Page 19: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/19.jpg)
19
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 37
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 38
![Page 20: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/20.jpg)
20
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 39
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 40
![Page 21: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/21.jpg)
21
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 41
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 42
![Page 22: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/22.jpg)
22
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 43
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 44
![Page 23: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/23.jpg)
23
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 45
Monitoring & Reporting• Metrics
• Performance Benchmarks
• Service Level Agreements
• Policy Compliance
• Effectiveness of Controls
• Quality Assurance and Quality Control
• Reporting
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 46
![Page 24: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/24.jpg)
24
Exam Procedure• 14 Objectives
47www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
Objective 1: Determine the appropriate scope and objectives for the examination.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 48
![Page 25: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/25.jpg)
25
Objective 2: Determine whether the board of directors oversees and senior management appropriately establishes an effective governance structure that includes oversight of IT activities.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 49
Objective 3: As part of the ITRM structure, determine whether financial institution management has defined IT responsibilities and functions. Verify the existence of well‐defined responsibilities and expectations between risk management and IT functional areas, such as information security, project management, business continuity, and information systems reporting.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 50
![Page 26: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/26.jpg)
26
Objective 4: Determine the adequacy of the institution’s IT operations planning and investment. Assess the adequacy of the risk assessment and the overall alignment with the institution’s business strategy, including planning for IT resources and budgeting.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 51
Objective 5: Along with the IT audit and compliance departments, the HR department can serve as an influencing function for IT. Determine the adequacy of the institution’s HR function to ensure its ability to attract and retain a competent workforce.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 52
![Page 27: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/27.jpg)
27
Objective 6: Evaluate management’s review and oversight of IT controls, including the other influencing functions of IT audit and compliance.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 53
Objective 7: Determine whether the institution’s risk management program facilitates effective risk identification and measurement and provides support for risk decisions within ITRM.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 54
![Page 28: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/28.jpg)
28
Objective 8: Determine whether the board of directors oversees and senior management proactively mitigates operational risk.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 55
Objective 9: Determine whether management implements an ITRM process that supports the overall enterprise‐wide risk management process.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 56
![Page 29: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/29.jpg)
29
Objective 10: Determine whether the institution maintains a risk identification process that is coordinated and consistent across the enterprise.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 57
Objective 11: Determine whether institution management maintains a risk measurement process that is coordinated and consistent across the enterprise.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 58
![Page 30: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/30.jpg)
30
Objective 12: Determine whether financial institution management effectively implements satisfactory risk mitigation practices.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 59
Objective 13: Determine whether IT management develops satisfactory measures for defining and monitoring metrics, performance benchmarks, service level agreements, compliance with policies, effectiveness of controls, and quality assurance and control. Determine whether management developed satisfactory reporting of ITRM activities.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 60
![Page 31: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/31.jpg)
31
Objective 14: Discuss corrective action and communicate findings.
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 61
Layered Security Approach
62www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
![Page 32: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/32.jpg)
32
63www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
64www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
![Page 33: New FFIEC Management Guidancettsmedia.ttstrain.com/CUNewFFIECGuide061516.pdf · 2.Rating your Cybersecurity Maturity regarding how prepared you are to handle different Cybersecurity](https://reader033.vdocument.in/reader033/viewer/2022042808/5f85020183e5110a994c730a/html5/thumbnails/33.jpg)
33
Contact Info
• Dr. Kevin Streff
◦ Dakota State University
◦ 605.270.0790
◦ Secure Banking Solutions, LLC
◦ www.protectmybank.com
◦ 605.270.0790
65www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC
Thank You!
www.protectmybank.com ©2016 SECURE BANKING SOLUTIONS, LLC 66
Upcoming CUWebinarsJune 17th - New Customer Due Diligence Rules:
Part One Legal Entity Customers
July 7th - Ransomware Spurs New Guidance
July 14th - Critical issues on Share Accounts: Identifying Your Member
July 20th - Regulation CC: Update and Review
August 5th - ALERT! New Customer Due Diligence Rules: Part Two Consumers
August 10th - Best-Ever Compliance Checklist for Consumer Loans
Don’t forget about our listing of OnDemand programs at CUWebinars.com!
Wesley KavelarisTTS800‐831‐[email protected]