IT Examiner School eBook

Internal Use Only

A New Reality

There is no perimeter

• The endpoint is the perimeter
• The user is the perimeter
• The business process is the perimeter
• The information is the perimeter

Compliance may threaten security

• Compliance ≠ security, like a firewall ≠ security
• It’s a resource and budget conflict, and it splits focus

Technology without a strategy is chaos

• Security has grown well past the “do-it-yourself” days
• Install and use is no longer an acceptable approach to technology
• The rate of change and diversity of products makes it difficult, if not impossible, to keep up


Cybersecurity Preparedness Challenges

• How does the board know that the organization is prepared?

• How can the institution measure key risk through an iterative process to examiners & board?

• How can the institution measure its inherent risk and controls to determine the maturity of its cybersecurity posture?

• The FFIEC CAT Tool is one process to identify inherent risks and determine the level of maturity of an institution's cyber preparedness.
