As a reflection of the current cybersecurity landscape, the Federal Financial Institutions Examination Council (FFIEC) has developed the Cybersecurity Assessment Tool (Assessment). The goal of the Assessment is to allow organizations within the financial industry to assess their cybersecurity risk and determine how to improve the security of their organization. The Assessment provides businesses with a repeatable and measurable process to improve cybersecurity preparedness over time.
About Our FFIEC Cybersecurity Assessment Services
The Assessment uses principles derived from the FFIEC Information Technology (IT) Examination Handbook, as well as concepts from the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework. Additionally, the Assessment is consistent with industry-accepted cybersecurity practices.
A-LIGN can assist your organization with the following assessment activities:
- Inherent Risk Profile: Through a series of interviews with an organization’s executive and management team, A-LIGN can determine the level of risk within an organization by reviewing the technologies in use, delivery channels used, online and mobile products, technology services, organizational characteristics, and external threats.
- Cybersecurity Maturity: To determine the cybersecurity maturity level, A-LIGN tests the implementation of the controls in five domains to determine the organization’s maturity score. There are five domains used to determine maturity:
  - Cyber Risk Management and Oversight: Addresses management oversight, as well as the development and implementation of a cybersecurity program.
  - Threat Intelligence and Collaboration: Includes the processes in place to help an organization discover, analyze, and understand cyber threats, as well as the capability to share these cyber threats with the appropriate parties.
  - Cybersecurity Controls: Consists of the practices and processes that are used by your organization to protect assets, infrastructure, and information.
  - External Dependency Management: The establishment and maintenance of a program to oversee and manage third parties with access to the institution’s technology assets and information.
  - Cyber Incident Management and Resilience: The establishment, identification, and analysis of cyber events through event prioritization and communication with appropriate stakeholders.
Upon completion of the assessment activities, A-LIGN will issue a report which will include a listing of the practices and controls assessed, identification of gaps resulting from the assessment, and auditor recommendations to bridge noted gaps.
FFIEC Cybersecurity Assessment Solutions Tailored to Your Company
Choosing A-LIGN as your partner benefits your organization by:
- Utilizing experienced assessors to evaluate risks and controls to guide your assessment
- Establishing a roadmap to improve your organization’s risk management and cybersecurity strategy
- Determining if your organization has appropriately developed policies and procedures that properly mitigate your risk
The A-LIGN Edge
Our customized compliance solutions and streamlined audit process allow you to meet all of your audit and compliance needs with a single service provider. One-stop shopping means a stress-free audit process for you, as you work with one team who understands the unique needs of your organization.