IT Examiner School

FFIEC Component Rating Areas

Adequacy of security policies, procedures, & practices in all units & at all levels of the financial institution and service providers

Quality of physical & logical security, including the privacy of data

Adequacy of firewall architectures & the security of connections with public networks

Module Objectives

Provide an overview of the Information Security Triad

Explain the importance of maintaining an up-to-date asset inventory, classifying assets by sensitivity, and conducting periodic risk assessments

Differentiate between threats, vulnerabilities, and risks

Define the various control types
