FFIEC Unveils Data Security Handbook

WASHINGTON-The Federal Financial Institutions Examination Council issued a revised information security handbook for examiners and financial institutions to help hone in on security risks and evaluate controls. The Information Security Booklet describes how banks, thrifts, and credit unions should protect and secure their information processing and maintenance systems and facilities. Financial institutions and technology service providers must maintain effective security programs, tailored to the complexity of their operations, the guidance stated. The booklet is the first in a series of updates to the 1996 FFIEC Information Systems Examination Handbook that will eventually replace all chapters of the old handbook and make up the new FFIEC Information Technology Examination Handbook. Future booklets will include business continuity planning, supervision of technology service providers, electronic banking, IT audit, payment systems, outsourcing, IT management, computer operations, and systems development and acquisition. The electronic version of the Information Security Booklet is available at www.ffiec.gov/guides.htm.