Sage Advice - Cybersecurity Blog

Understanding the FFIEC Cybersecurity Assessment Tool

In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council (FFIEC) developed the Cybersecurity Assessment Tool (Assessment) to help institutions identify their risks and determine their cybersecurity maturity. The methodology provides a repeatable process to measure your cybersecurity preparedness over time.

Read More

Topics: Compliance, Financial Sector

.BANK-ing on Better Cybersecurity

Every organization stands to lose a lot when it comes to cyber-attacks, but because they’re managing customer money and operating in a heavily regulated industry, financial services institutions have their own set of challenges. They’ve got a lot at stake on the cybersecurity front. So when ICANN announced it was expanding the number of generic top-level domain names (TLDs) from fewer than 25 to what will likely soon number in the thousands — banking associations didn’t want to take any chances with the .BANK and .INSURANCE TLDs.

Read More

Topics: CyberCrime Symposium, Financial Sector

Cybersecurity Exam Expectations - Five Key Areas You Should Focus On

In preparation for upcoming regulatory examinations, every financial institution should immediately start evaluating their cybersecurity profile. Examiners' cybersecurity assessment expectations are that executive management and boards of directors have an understanding of their banks cybersecurity strengths and weaknesses. According to those familiar with the examination pilot, cybersecurity examinations will focus on five key areas – governance, threat intelligence and collaboration, cybersecurity controls, external dependency management, and cyber incident management and resilience.

Read More

Topics: Compliance, Financial Sector

2015 FFIEC Cybersecurity Priorities

Earlier this year, the Federal Financial Institutions Examiner’s Council (FFIEC) announced that their 2015 cybersecurity priority is to enhance regulator and financial institution assessment and examination capabilities, including updating the IT Examination Handbook, enhancing the technology service provider (TSP) examinations, and providing financial institutions with a self-assessment tool.

Read More

Topics: Compliance, Financial Sector

Why Cybersecurity is an Executive Responsibility

Cyber-attacks are escalating at an unprecedented pace with frightening veracity. Successful attacks not only result in major service disruptions and theft of data, but also the appropriation of infrastructure to perpetuate attacks on others. According to Forbes, the average loss per incident is up 23% year-over-year, and that the number of organizations reporting losses of more than $10 million per incident is up 75% from just two years ago.

Read More

Topics: Financial Sector, Risk Management, Compliance