FFIEC issues information security risk assessment advice
- Published: Tuesday, 13 September 2016 06:40
The US Federal Financial Institutions Examination Council (FFIEC) has issued a revised Information Security booklet, which is part of the FFIEC Information Technology Examination Handbook.
The revised booklet addresses the factors necessary to assess the level of security risks to a financial institution’s information systems. The booklet also helps examiners evaluate the adequacy of the information security program’s integration into overall risk management.
The Information Security booklet describes effective information security program management, including the following phases of the life cycle of information security risk management:
- Risk identification
- Risk measurement
- Risk mitigation
- Risk monitoring and reporting.