24 HќќѠіђџȱ юћјђџ ђѝѡђњяђџȱ2016 Continued from page 23. 7KLV LQIRUPDWLRQ LV SURYLGHG IRU JHQHUDO HGXFDWLRQ SXUSRVHV DQG LV QRW LQWHQGHG WR EH OHJDO DGYLFH 3OHDVH FRQVXOW OHJDO FRXQVHO IRU VSHFLÀF JXLGDQFH DV WR KRZ WKLV LQIRUPDWLRQ DSSOLHV WR \RXU LQVWLWXWLRQ·V FLUFXPVWDQFHV RU VLWXDWLRQ 1 FFIEC Cybersecurity Assessment Tool (June 2015). 2 Although the original Tool was released in a static PDF format that was not user-friendly, the ¡ȱȱȱ¢ȱȱȱ ȱȱȱȱȱĜǰȱȱ ȱȂȱȱȱȱȱ ȃ ęȄȱȱȱȱǯ ȱ ȱ ȱȱȱȱȱǵȱ ȱȱǯȱ ȱȱ ȱȱȱȱȱ ȱȱȱ¢ȱȱȱ ȱȱǰȱǰȱ ȱȱȱȱȱ ȱȱȱȱȱȱ Ȃȱ¢ȱȱǯ ȱ ȱ¢ȱ¢ȱȱ¡ǵȱ ȱȱ ǰȱȱȱ ǯȱȱȱ ȱ ȱ¢ȱ ȱȱ ȱȱ¢ȱ ȱ ȱ ȭȱȃ ȱ ȱ¢ȱ ȱ Ȅȱȭȱȱ ȱȱ ǯȱŜȬŝȱȱȱ ¢ȱ ¢ȱ ȱȱ ǰȱ Ȭ ǯȱ Ĵȱ ȱȱȱ ȱȱȱ ȱǰȱ ȱȱȱȱȱȱ ȱȱȱȱ ȱ ȱǯ ȱ ȱȱȱȱȱ ǞŘŖŖȱȱȱǰȱȱ ¢ȱȱȱȱ ȱȱȱǯȱ ȱ ȱȱȱȱȬ ǰȱȱ ȱ ȱ ȱ ȱ ȱȱŞŝŝȬŘřŘȬŖŞśşǰȱDZȱ ǯ ȓǯǰȱȱȱ ǯȦǯ ȱ ȱ ǰȱ ȱ¢ȱȱ ȱ ȱ ȱ ȱ ǰȱȱȱ ȱ ȱ ȱȱȱ ȱ ȱ ǯȱ ȱ£ȱěȱ ȱȬȱȱ ȱȱ ęȱ¡ȱȱȱ¢ǯȱ ȱ ǰȱȱȱHoosier Banker Digitalȱ ȱǯǰȱȱȱȱ ȱȱ ȱ ȱǯȱȱ CRA Partners Conference Financial Services Information Sharing and Analysis Center has collaborated with members of the Financial Services Sector Coordinating Council to create an automated version of the Tool to DVVLVW ÀQDQFLDO LQVWLWXWLRQV RI DOO VL]HV WR FROOHFW and score their responses to the Tool. See www. fsisac.com/article/fsscc-automated-cybersecurityassessment-tool 3 The Tool’s Appendix B is a mapping of the Tool to the NIST’s cybersecurity framework. See FFIEC Cybersecurity Assessment Tool,Appendix B: Mapping Cybersecurity Assessment Tool to NIST Cybersecurity Framework (June 2015). 4 FRB 6XSHUYLVLRQ DQG 5HJXODWLRQ /HWWHU, SR 15-9 (July 2, 2015). 5 OCC %XOOHWLQ 2015-31 (June 30, 2015). 6 See FDIC, Cybersecurity Assessment Tool, Financial Institutions Letters, FIL-28-2015 (Jul. 2, 2015) (“FDIC examiners will discuss the Cybersecurity Assessment Tool with institution management during examinations to ensure awareness and assist with answers to any questions.).The National Credit Union Administration likewise has announced that it will incorporate the Tool into its examination process in the second half of 2016. See NCUA, NCUA Letter to Credit Unions, Letter No. 16-CU-01, 2 (Jan. 2016). 7 FFIEC Cybersecurity Assessment Tool, User’s Guide 3 (June 2015). 8 Id. at 6-7. 9 The Tool’s Appendix A is a mapping of the Tool’s Baseline statements to the FFIEC’s ,7 ([DPLQDWLRQ +DQGERRN. See FFIEC Cybersecurity Assessment Tool,Appendix A: Mapping Baseline Statements to )),(& ([DPLQDWLRQ +DQGERRN (June 2015). ȱ ǯȱ ¢ȱ ȱȱȱ ȱȱȱȱ ȱȱ ȱ ¢ȱ ȱǭȱ ȱ ¢ǰȱ French Lickǯȱ ȱ ęȱȱ ǰȱȱȱȱȦ ȱȱ Ƿȱȱ¢ȱ ȱȱȱęȱĜȱȱ ȱ ǯȱ ¢ȱȱȱ ȱȱȱȱĴȱ ȱȱȱ ȱ ¢ȱ ¢ȱ ǰȱ ȱ ȱ¢ȱȱȱ ȱȱȱȱ ȱ ȱ ¢ȱ ȱȱ ǯȱ ȱ ȱȱȂȱȱȱ ȱ ¢ȱȱȱȂȱ ȱȱ ȱ ¢ǯ ȱȱ ¢ȱ ¢ȱ ȱȱȱ ȱȱȱȱ ȱȱ ȱ ȱȱ ǯȱ ȱȱȱ ȱȱȱ ęȦǰȱ ȱęȱĜȱȱȱ ȱĜȱȱ ȱ FROM THE BOARD ROOM ¢ǯȱ ¢ȱȱřřȱ¢ȱ ȱȱ¡ǰȱ ȱȱ ȱȱȱȱĜȱ ȱ ȱ ȱ ȱȱȱ ȱȱ ȱȱ Dzȱ ¢ȱȱȱ ȱ ȱ ǰȱ ȱ ȱ ȱ ȱ ¢ȱ ¢ȱ ǯȱ ȱ ¢ȱȱȱ ȱ ȱ ¢ȱ ¢ȱ ǰȱ ¢ȱ ȱȱ ȱ ǯȱ ȱĜȱ ȱȱ ȱ ¢ȱ ęȱ ȱ ǰȱ ȱȱ ȱ ȱȱȱ ȱ¢ȱȱȱȱ ȱ ȱȱ ȱǻ Ǽȱȱ ȱ ¢ȱȱ ǯȱ ¢ȱ ȱȱȂȱȱȱ ȱ ¢ȱȱȱ ȱ ȱ ȱ ¢ȱ ¢ǰȱ ȱȱȱȱȱ ȱȱȱ ¢ȱȱ ǰȱ ȱ ȱ ȱ ȱ ȱ ȱ ȱȱ ȱ ȱ ȱ ȱ ȱ ȱ ǯȱ
RkJQdWJsaXNoZXIy MTg3NDExNQ==