ThreatAdvice vCISO Platform

ThreatAdvice vCISO Assists Financial Institutions With The Following FFIEC Cybersecurity Requirements:

  • Create an inherent risk profile annually and perform a cybersecurity maturity assessment annually, per the FFIEC cybersecurity guidelines dated May 2017.
  • Have a risk appetite statement and a cybersecurity policy.
  • Contract for independent third-party intrusion tests (pen tests) at least annually, with frequency depending on the complexity of the environment; two per year is usually expected.
  • Have external vulnerability testing done periodically. Monthly is best, but quarterly may suffice for small entities.
  • Have an incident response plan that incorporates recovery from cybersecurity events.
  • Have an incident response policy that outlines the roles, responsibilities, and requirements of the incident response plan.
  • Perform risk assessments annually that cover threat sources associated with cybersecurity, viruses, and malicious code.
  • Have backup policies that outline recovery requirements from malicious cyber events.
  • Contracts with service providers must include breach, confidentiality, and notice provisions.
  • Business Continuity Management (BCM) guidance dated November 2019 requires a section on recovery from cybersecurity events.
  • Cybersecurity training must be part of annual security awareness training if it is not delivered as a separate training program.