ThreatAdvice vCISO Platform
ThreatAdvice vCISO Assists Financial Institutions With The Following FFIEC Cybersecurity Requirements:
- Create an inherent risk profile annually and perform a cybersecurity maturity assessment annually, per the FFIEC cybersecurity guidelines dated May 2017.
- Have a risk appetite statement and a cybersecurity policy.
- Contract for and have performed independent third-party intrusion tests (pen tests) at least annually, depending on the complexity of the environment. Two per year are usually expected.
- Have external vulnerability testing done periodically. This is best done monthly, but quarterly may suffice for small entities.
- Have an incident response plan that incorporates recovery from cybersecurity events.
- Have an incident response policy that outlines the roles, responsibilities, and requirements of the incident response plan.
- Perform risk assessments annually against those threat sources associated with cybersecurity, virus, and malicious code.
- Have backup policies that outline recovery requirements from malicious cyber events.
- Contracts with service providers must include a breach, confidentiality, and notice section.
- The BCM (Business Continuity Management) plan guidance dated November 2019 requires a section on recovery from cybersecurity events.
- Cybersecurity training must be part of annual security awareness training if not a separate training program.