FFIEC Updates its Information Security Guides
The Federal Financial Institutions Examination Council has revised the “Information Security” booklet of the agency’s FFIEC Information Technology Examination Handbook.
According to the agency, the new booklet, available here, “describes effective information security program management, including the following phases of the life cycle of information security risk management”:
- Risk identification
- Risk measurement
- Risk mitigation
- Risk monitoring and reporting
The new FFIEC booklet also covers such areas as effective threat identification, assessment, and monitoring, along with “methods to achieve and assess information security program effectiveness, including assurance and testing.” The information security booklet “also helps examiners evaluate the adequacy of the information security program’s integration into overall risk management,” the agency said.