To All Depository Institutions and Others Concerned
in the Second Federal Reserve District:
The Federal Financial Institutions Examination Council (FFIEC) has updated its Information Security Booklet for examiners and financial institutions to reflect changes in technology and mitigation strategies, as well as recent revisions to related supervisory guidance.
The discussion on risk assessments has been expanded to provide more detailed guidance on identifying information security risks and evaluating the adequacy of controls and applicable risk management practices. In addition, new or revised material is included regarding authentication, monitoring programs, malware, remote access and other topics.
In addition to the revised Information Security Booklet, the FFIEC issued an executive summary of its IT Examination Handbook that contains a high-level synopsis of each of the twelve booklets that make up the handbook.
See the SR letter and FFIEC’s InfoBase website for full details and notes.