FRB: Supervisory Letter SR 16-14 on FFIEC Information Technology Examination Handbook – Information Security Booklet, September 19, 2016



BOARD OF GOVERNORS
OF THE
FEDERAL RESERVE SYSTEM
WASHINGTON, D.C. 20551
DIVISION OF BANKING
SUPERVISION AND REGULATION

SR 16-14
September 19, 2016
TO: OFFICER IN CHARGE OF SUPERVISION AT EACH FEDERAL RESERVE
BANK AND TO INSTITUTIONS SUPERVISED BY THE FEDERAL RESERVE

SUBJECT: FFIEC Information Technology Examination Handbook – Information Security Booklet

Applicability: This letter applies to all institutions supervised by the Federal Reserve, including those with $10 billion or less in consolidated assets.

The Federal Financial Institutions Examination Council (FFIEC) has revised the July 2006 version of the Information Security booklet of the FFIEC Information Technology Examination Handbook (IT Handbook). The Information Security booklet is one of 11 booklets that make up the IT Handbook.[1]

This revised booklet provides guidance to examiners for assessing the level of security risks to a financial institution’s information systems. The booklet describes effective information security program management and helps examiners evaluate the adequacy of a financial institution’s integration of information security into its overall risk management program. The booklet also provides an overview of information security operations, including the need for effective (1) threat identification, assessment, and monitoring and (2) incident identification, assessment, and response. The revised booklet highlights important attributes among effective information security programs, including assurance and testing, and the adequacy of an institution’s culture, governance, and security operations. Further, the revised booklet includes examination procedures to evaluate these areas and addresses cybersecurity concepts such as threats, controls and resource requirements for preparedness and the stages of the IT risk management program, including risk identification, risk measurement, risk mitigation, monitoring, and reporting.

Electronic versions of the Information Security booklet and the other booklets in the IT Handbook are available at http://ithandbook.ffiec.gov/it-booklets.aspx.

Reserve Banks are asked to distribute this SR letter to the Federal Reserve-supervised institutions in their districts, as well as to their supervisory and examination staff. Questions regarding the revised guidance should be addressed to the following staff in the Board’s Systems and Operational Resiliency Policy section: Todd Sheets, Supervisory Financial Analyst, at (202) 872-7541. In addition, questions may be sent via the Board’s public website.[3]

Maryann F. Hunter
Acting Director

Supersedes: SR letter 16-10, “FFIEC Information Technology Examination Handbook – Retail Payment Systems Booklet”; SR letter 15-14, “FFIEC Information Technology Examination Handbook”; SR letter 15-3, “FFIEC Information Technology Examination Handbook”

[1] To consolidate letters that announce revisions to FFIEC IT-related booklets, this letter supersedes the following letters: SR letter 16-10, “FFIEC Information Technology Examination Handbook – Retail Payment Systems Booklet,” which addresses IT practices associated with activities and devices for mobile financial services; SR letter 15-14, “FFIEC Information Technology Examination Handbook,” which provides guidance on the oversight and administration of IT and IT risk management practices; and SR letter 15-3, “FFIEC Information Technology Examination Handbook,” which explains the components of an effective third-party management program that can identify, measure, monitor, and control the risks associated with outsourcing. The information in those booklets is still relevant, and examiners can find the latest versions of those booklets on the FFIEC IT Examination Handbook InfoBase at http://ithandbook.ffiec.gov/it-booklets.aspx

[2] For purposes of this guidance, “financial institutions” refers to state member banks, bank and savings and loan holding companies (including their nonbank subsidiaries), and U.S. operations of foreign banking organizations.

[3] http://www.federalreserve.gov/apps/contactus/feedback.aspx


