On May 12, 2016, Chief Information Officer and Chief Privacy Officer of the US Federal Deposit Insurance Corporation, Lawrence Gross, testified before the Committee on Science, Space, & Technology of the U.S. House of Representatives’ Subcommittee on Oversight. He discussed the FDIC’s information security program and its ability to identify, analyze, report and remediate data security incidents. Gross noted that employees and contractors receive annual training to ensure they will report incidents when they have access to sensitive information. The FDIC also has a security incident response and escalation plan in place to ensure the systematic gathering and analysis of facts relevant to the incident, and an interdisciplinary team responsible for determining the appropriate course of action if there is an elevated risk of harm. After all facts have been gathered, the FDIC takes steps to mitigate the risk of harm and undertake appropriate reporting and notifications commensurate to the severity of the incident. Gross also detailed several remedial steps the FDIC is currently taking to further lower the risk of sensitive information being exposed.
Gross’s testimony is available at: https://fdic.gov/news/news/speeches/spmay1216.html?source=govdelivery&utm_medium=email&utm_source=govdeli very.