2023 IT Examiner School

Cybersecurity Summary 1. Threat actors are more sophisticated and motivated

2. Institutions must demonstrate an understanding of risks and threats they face. 3. Tools such as FFIEC CAT are a starting point for organizations determine their risk profile and cyber maturity 4. As Examiners, expect banks to know where their cyber risks are and devote resources to those areas that present the greatest risk to the institution 5. The end game is to effectively evaluate the institution’s risk • Do the results seem reasonable (size & complexity)? • And are risk adequately mitigated through well-designed and executed controls