The New FFIEC Cybersecurity Assessment Tool for Financial Institutions: Understanding its Use and Legal Implications
Author: Stanley F. Orszula; Rachel H. Bryers
Source: Volume 29, Number 01, September/October 2015, pp. 13-22(10)
Abstract:
The Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool for banks and financial institutions to evaluate their cybersecurity risk profile and preparedness, released in June 2015, is more than just another handy IT tool. It has far-reaching legal implications for financial institutions in three broad areas: examinations, board and senior management governance, and third-party vendor relationships. This article explores the tool’s legal and regulatory basis, its components, and its various legal implications.
Keywords: Cybersecurity Assessment Tool, inherent risk profile, cybersecurity maturity, third-party vendor relationships, NIST Cybersecurity Framework, board oversight
Affiliations:
1: Quarles & Brady LLP; 2: Quarles & Brady LLP.