With the release of its Cybersecurity Assessment Tool in June 2015, the Federal Financial Institutions Examination Council looked to provide banks and credit unions with a means to examine and assess their level of security and their risk from cyberthreats. Completed assessments would be another “tool” in the financial institution’s belt for controlling security risks.
The CAT’s first section (inherent risk) provides guidance on what to consider and how to view “inherent” or “raw” risk. Inherent/raw risk is the level of risk that exists without the application of controls. It is the starting point for your risk analysis. Using the information and listed items in the CAT, your credit union can get an idea of its risk picture when deploying various technology systems, products and services before security measures and controls are put into place.
Using these categories and ratings can be useful to your credit union in examining the potential change in risks you face when looking to add or change technology products and services. For example, imagine that your credit union is thinking of adding person-to-person payments to its portfolio of products. Looking through the inherent risk table provides some insight into the level (or change) of risk in doing this.