Newsroom
July 29, 2015
NCUA explains FFIEC cybersecurity assessment tool; examiners to be trained
NCUA officials discussed the Federal Financial Institutions Examination Council's new cybersecurity assessment tool during a webinar yesterday and said that, while voluntary, it will go far in helping credit unions prepare against cyber threats.
NCUA Information Systems Officer Patrick Truett walked through the basic steps of a cybersecurity risk assessment, which include identifying a credit union's inherent risk profile and assessing its "cyber maturity" level in five key areas. The tool helps institutions determine a target level of maturity and develop a plan to close the gaps, including allocating new resources and adjusting procedures and programs.
While the use of the assessment tool will not be mandatory, NCUA Examination and Insurance Deputy Director Tim Sergeson said NCUA examiners will receive training on the tool to apply it in the exam process to collect information about the credit union industry's cybersecurity preparedness as a whole.
NCUA said it will release a Letter to Credit Unions on the tool shortly and will host a series of meetings around the country to educate credit unions on cybersecurity. Staff also plan to publish a "Frequently Asked Questions" page online. NCUA will solicit industry feedback on the usability and effectiveness of the tool, especially for smaller institutions, Sergeson said.
NCUA will post an archive of Wednesday's recorded webinar within the next few weeks.
NCUA Information Systems Officer Patrick Truett walked through the basic steps of a cybersecurity risk assessment, which include identifying a credit union's inherent risk profile and assessing its "cyber maturity" level in five key areas. The tool helps institutions determine a target level of maturity and develop a plan to close the gaps, including allocating new resources and adjusting procedures and programs.
While the use of the assessment tool will not be mandatory, NCUA Examination and Insurance Deputy Director Tim Sergeson said NCUA examiners will receive training on the tool to apply it in the exam process to collect information about the credit union industry's cybersecurity preparedness as a whole.
NCUA said it will release a Letter to Credit Unions on the tool shortly and will host a series of meetings around the country to educate credit unions on cybersecurity. Staff also plan to publish a "Frequently Asked Questions" page online. NCUA will solicit industry feedback on the usability and effectiveness of the tool, especially for smaller institutions, Sergeson said.
NCUA will post an archive of Wednesday's recorded webinar within the next few weeks.
Share This
Related Resources
Data Privacy Issue Brief
Whitepapers
Data Privacy Issue Brief
Whitepapers
NAFCU Data Privacy Principles
Whitepapers
Compliance Monitor - August 2018
Newsletter
Get daily updates.
Subscribe to NAFCU today.