In November 2015, the FFIEC updated their Information Technology Information Handbook [for Management]. The updates address several new recommendations for bank management, including:
If your institution is relying on internal resources to manage and monitor your IT risks, you may be falling short. Utilizing outside resources to provide insight into gaps in your IT risk strategy and provide security oversight is key to preventing security breaches.A financial organization’s core businesses should always be the focus of the underlying vision and strategy. Many financial organizations get inundated with compliance obligations that are not right sized for its specific business needs: Constantly chasing the information security compliance dragon without realizing any benefit. This is why a thorough security oversight plan is not just useful, but fundamental.