Federal banking regulators aim to impose new cyber security standards on financial institutions with $50B or more in assets. The FDIC, Federal Reserve and OCC published the new guidelines on October 19 and expect to finalize them in January 2017.
What does it mean for you? The proposal calls for higher standards imposed on institutions that manage, maintain and/or operate systems that provide key functionality to the financial sector. It pinpoints vendor risk management as a particular concern. Other impacted areas include:
- Cyber risk governance;
- Cyber risk management;
- Internal dependency management;
- External dependency management; and
- Incident response, cyber resilience and situational awareness.
According to the proposal, Boards of Directors will be expected to take a more proactive role in cyber security oversight. The proposed regulation would hold them accountable for implementing cyber risk management frameworks.
Job number one is to understand what type of framework you need to manage your security posture. The organization needs visibility into all security-related people, processes and technology at once. Information silos don’t work; nor does a mishmash of point solutions, spreadsheets and homegrown systems. Your ideal framework should provide a panoramic view of all your security ‘inputs’ so you can react in real time.