II.A.3(b)     Resources for Cybersecurity Preparedness

The FFIEC members issued a voluntary Cybersecurity Assessment ToolRefer to theĀ Cybersecurity Assessment Tool on the FFIEC website. to help institution boards and management identify risks to their institutions and evaluate their institution's cybersecurity preparedness. In addition, there are other resources available to help management develop and evaluate information security and cyber resilience, such as the NIST Cybersecurity Framework, common approaches developed by the Mitre Corporation, and the U.S. Computer Emergency Readiness Team's (US-CERT)US-CERT, of the Department of Homeland Security, responds to major incidents, analyzes threats, and exchanges critical cybersecurity information with trusted partners around the world. National Cyber Awareness System. Institution management can select a single framework or use a combination of resources to help identify its risks and determine its cybersecurity preparedness. Regardless of the source, frameworks can help management identify a cybersecurity and resilience posture that is commensurate with the institution's risk and complexity.


Previous Section
II.A.3(a) Supervision of Cybersecurity Risk
Next Section
II.B Risk Measurement