On September 9, 2016, the US Federal Financial Institutions Examination Council (FFIEC) issued a revised Information Security booklet, which is part of the FFIEC’s IT Examination Handbook. The Information Security booklet summarizes the factors necessary for an effective information security program. The booklet sets forth updated guidelines for examiners evaluating the adequacy of financial institutions' information security programs and describes aspects of effective information security operations, including (i) effective threat identification, assessment and monitoring and (ii) incident identification, assessment and response. In addition, the booklet discusses assurance reports (addressing IT system design and operation) and testing of information security programs as methods to assess and achieve the effectiveness of such programs.
The text of the FFIEC’s IT Handbook is available at: http://ithandbook.ffiec.gov/.