On September 9, the Federal Financial Institutions Examination Council (FFIEC) released its revised “Information Security” booklet of the FFIEC Information Technology Examination Handbook (IT Handbook). The “Information Security” booklet, one of 11 that make up the IT Handbook, provides guidance to examiners and addresses factors necessary to assess the level of security risks to a financial institution’s information systems. It also helps examiners evaluate the adequacy of the information security program’s integration into overall risk management. This guidance applies to all national banks and federal savings associations (collectively, banks). Community banks “should maintain effective information security programs commensurate with their operational complexities.” Additionally, the booklet provides an overview of information security operations, including the need for effective threat identification, assessment and monitoring. It also covers effective incident identification, assessment and response.
The “Information Security” booklet is available here.