2023 IT Examiner School

Internal Use Only

FFIEC Component Rating Areas

Adequacy of security policies, procedures, & practices in all units & at all levels of the financial institution and service providers

Quality of physical & logical security, including the privacy of data

Adequacy of firewall architectures & the security of connections with public networks

Internal Use Only

Module Objectives

Provide an overview of the Information Security Triad

Explain the importance of maintaining an up-to-date asset inventory, classifying assets by sensitivity, and conducting periodic risk assessments

Differentiate between threats, vulnerabilities, and risks

Define the various control types