FFIEC Agencies Modernize Information Security Booklet
WASHINGTON -- NCUA and the other Federal Financial Institutions Examination Council regulators have distributed revised guidance for examiners and financial institutions for identifying security risks, evaluating controls, and applicable risk management practices.
The updated booklet provides an overhaul of the 2002 version, addressing advances in technology, risk assessments, mitigation strategies, and regulatory guidance. Additionally, the risk assessment portion has been expanded to reflect the maturation of that process related to information security. New or revised material covering authentication, monitoring programs, and software trustworthiness is also included. Other topics including malware, wireless, remote access, and trust services have also been incorporated or revised.