1 min read

Should Banks Expect New Cybersecurity Guidance?

Chris Bedel : Feb 23, 2016

Uncategorized

That is a question that I see continually asked in various articles and websites.  This article by Tracy Kitten at bankinfosecurity.com tries to answer just that.

Below are my summary and reaction, along with a link to the original article:

  • The article also goes on to imply that banks should be using the NIST Cybersecurity Framework in lieu of, or alongside the FFIEC CAT.
    • My recommendation is this:  in a world of limited resources, banks should focus on the FFIEC CAT.  It ties back to the NIST framework and the FFIEC IT Examination Handbook and was created specifically for banks.  If you are using it to assess your risk and are working toward an appropriate maturity level, you are going to be in pretty good shape.

Read the Entire Article on the Author's Website...
Cyber Resilience - New Focus in OCC Operating Plan for 2016

Cyber Resilience - New Focus in OCC Operating Plan for 2016

Chris Bedel : Dec 2, 2015

The OCC included “Cybersecurity and Resilience Planning” as a focus for 2016 in the release of their most recent Operating Plan. They went on to more...

Uncategorized
Read More

Need Ideas for Incident Response Testing? Look no Further than the FDIC Cyber Challenges

Chris Bedel : Apr 20, 2016

Incident Response testing is critical. A lot of banks are doing it, but some still aren't. It is required to achieve Baseline maturity in the 2015...

Uncategorized
Read More
Why the FFIEC CAT Isn’t Your Risk Assessment—And What To Do Instead

1 min read

Why the FFIEC CAT Isn’t Your Risk Assessment—And What To Do Instead

Chris Bedel : Jun 13, 2025

With the upcoming sunset of the FFIEC Cybersecurity Assessment Tool (CAT) in less than three months, community banks are beginning to get nervous...

Risk Assessment CAT vCISO Virtual CISO Cybersecurity Risk Management NIST-CSF
Read More