Cybersecurity is a moving target. Some say that hackers never sleep. They always seem to find new ways to access sensitive data for profit or to disrupt banking operations. That’s why the regulators are working to help bankers to protect sensitive customer data and to keep banking transactions flowing.
The first significant effort to help was the FFIEC’s Cybersecurity Assessment Tool (CAT) which was released in June 2015. As with any version 1.0 product, there were some things that needed to be revised and improved. The current version 1.1 of the CAT was issued in May 2017 to improve the tool and incorporate changes found in the September 2016 edition of the FFIEC IT Examination Handbook.
Those changes resulted in a revised mapping in Appendix A of the CAT to the FFIEC’s updated Information Security and Management booklets. Version 1.1 also provides additional response options so that management can include their own practices when using the CAT. For instance, management can document the behaviors, practices and processes they use to prevent or detect attacks as support for responses in the CAT.
While using the CAT is voluntary, regulators expect management to have some formalized process to assess their cybersecurity risks. That’s why it’s important to understand the changes in Version 1.1 of the CAT. Those changes represent the risk issues the regulators are focused on and the approach management should be taking in assessing cybersecurity risks. So even if your institution uses a different assessment tool, you still need to understand the regulatory focus on assessing cybersecurity risk.
Please join Gary Deutsch in this critical discussion of the regulator’s cybersecurity preparedness process included in Version 1.1 of the FFIEC’s CAT.
WHAT YOU’LL LEARN
During this important webinar, Gary Deutsch will discuss:
- How to use Version 1.1 of the FFIEC’s Cybersecurity Assessment Tool
- Details of what has changed between version 1.0 and 1.1 of the FFIEC’s CAT
- The risk implications of these changes
- How management should address the changes as they conduct a cybersecurity risk assessment
- AND MUCH MORE!
YOUR CONFERENCE LEADER
Your conference leader for "Improve Your Cybersecurity Response Program: Using Version 1.1 of the Cybersecurity Assessment Tool” is Gary Deutsch, president, BRT Publications LLC. Mr. Deutsch is a licensed CPA in Maryland and has a B.A. in accounting and an MBA in finance from Loyola University Maryland. He has also achieved the Certified Management Accountant, Certified Internal Auditor and Certified Bank Auditor designations. Mr. Deutsch is the founder and president of BRT Publications LLC.
Mr. Deutsch has trained thousands of financial institution professionals in all aspects of risk management and has written numerous books in the U.S. and Europe on topics such as credit risk, internal audit and compliance with Generally Accepted Accounting Principles. Mr. Deutsch has extensive risk management and internal audit experience through his association with financial institutions of all sizes as well as through his role leading the KPMG financial institution consulting practice in the Mid-Atlantic region.