Academic journal article Federal Reserve Bulletin

Interagency Guidance on Identifying Information Security Risks. (Announcements)

Academic journal article Federal Reserve Bulletin

Interagency Guidance on Identifying Information Security Risks. (Announcements)

Article excerpt

The Federal Financial Institutions Examination Council (FFIEC) on January 29, 2003, issued revised guidance for examiners and financial institutions to use in identifying information security risks and evaluating the adequacy of controls and applicable risk-management practices of financial institutions.

The safety and soundness of the federal financial industry and the privacy of customer information depend on the security practices of banks, thrift institutions, and credit unions. The Information Security booklet describes how an institution should protect and secure the systems and facilities that process and maintain information. The booklet calls for financial institutions and technology service providers (TSPs) to maintain effective security programs, tailored to the complexity of their operations.

This guidance is the first in a series of updates to the 1996 FFIEC Information Systems (IS) Examination Handbook. These updates will address significant changes in technology since 1996 and incorporate a risk-based examination approach.

The FFIEC currently plans to issue the updates in separate booklets that will ultimately replace all chapters of the 1996 handbook and make up the new FFIEC Information Technology (IT) Examination Handbook. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.