Skip to main content
United States flag An official website of the United States government
Show

Financial Regulators Release Revised Information Security Booklet

September 2016
Financial Regulators Release Revised Information Security Booklet

ALEXANDRIA, Va. (Sept. 9, 2016) – The Federal Financial Institutions Examination Council (FFIEC) members today issued a revised Information Security booklet, which is part of the FFIEC Information Technology Examination Handbook (IT Handbook).

The revised booklet addresses the factors necessary to assess the level of security risks to a financial institution’s information systems. The booklet also helps examiners evaluate the adequacy of the information security program’s integration into overall risk management.

The Information Security booklet describes effective information security program management, including the following phases of the life cycle of information security risk management:

  • Risk identification
  • Risk measurement
  • Risk mitigation
  • Risk monitoring and reporting

The booklet provides an overview of information security operations, including the need for effective (1) threat identification, assessment, and monitoring and (2) incident identification, assessment and response. It discusses methods to achieve and assess information security program effectiveness, including assurance and testing. It also incorporates cybersecurity concepts, such as threats, controls, and resource requirements for preparedness. The booklet contains updated examination procedures to help examiners measure the adequacy of an institution’s culture, governance, information security program, security operations, and assurance processes.

The IT Handbook is available at http://ithandbook.ffiec.gov/.

Media Contacts:

AgencyNamePhone
CFPBSam Gilford202.435.7673
FDICLaJuan Williams-Young202.898.3876
FRBDarren Gersh202.452.2955
NCUAJohn Fairbanks703.518.6336
OCCStephanie Collins202.649.6870
SLCJim Kurtzke202.728.5733

Last modified on