Banks, credit unions, and other financial institutions face major challenges when protecting financial data in today’s threat landscape and must also deal with compliance mandates for GLBA, FFIEC, SOX, PCI, and a patchwork of federal, state, and other industry regulations. For example, in March of this year, the National Futures Association enacted its Cybersecurity Interpretive Notice to help structure and strengthen members’ information security programs. These guidelines suggest that each member firm establish a written governance framework, assess and prioritize IT risks, defend specifically against identified threats and vulnerabilities, create incident response plans, and provide continuous employee training. These guidelines build on the SEC’s Cybersecurity Examination Initiative conducted by the Office of Compliance Inspections and Examinations (OCIE), which focuses on six key areas in its audits:
- Cybersecurity Governance and Risk Assessments
- Access Rights and Controls
- Data Loss Prevention (DLP)
- Vendor Management
- Cybersecurity Incident Response
- Cybersecurity Awareness & Training
Guidelines such as these can be very helpful in framing the procedures and policies necessary both to comply with regulations and to better secure organizations. We have previously written about what the second round of OCIE examinations means and how to prepare for the examinations of the Federal Financial Institutions Examination Council (FFIEC), which provides cybersecurity standards and auditing for financial institutions and the following regulatory agencies:
- Board of Governors of the Federal Reserve System (FRB)
- Federal Deposit Insurance Corporation (FDIC)
- National Credit Union Administration (NCUA)
- Office of the Comptroller of the Currency (OCC)
- Consumer Financial Protection Bureau (CFPB)
EiQ’s SOCVue® Security Monitoring service helps financial institutions address FFIEC cybersecurity standards by providing 24x7x365 security monitoring and proactive security controls assessment. As part of the service, EiQ’s SOC team will proactively assess network security controls, which are based on the CIS/SANS Critical Security Controls, in order to reduce your compliance risk. The security controls are directly mapped to relevant sections of the FFIEC Handbook.
In addition, EiQ offers the SOCVue Vulnerability Management service, which provides vulnerability detection and remediation guidance designed to help address FFIEC Host Security and User Equipment Security requirements.
This page illustrates how the CIS Critical Security Controls map to the FFIEC Examiners Handbook and how EiQ addresses them. In addition, EiQ has created a new whitepaper to help banks, credit unions, and other financial institutions secure their data and meet compliance challenges.
Download this whitepaper now to learn more about:
- How to Manage Today’s Complex Compliance Landscape
- Why Vulnerability Management is So Important to Credit Unions
- How Vulnerability Management Fits into a Compliance Program
- How to Have Full Visibility into Your Network
- How EiQ Can Help You Meet Specific Compliance Requirements
More and more, organizations that were previously understaffed, underbudgeted, and overwhelmed are finding that EiQ’s hybrid SaaS security services, which combine the best people, process, and technology, are a welcome change from going it alone. EiQ is transforming how mid-market organizations build enterprise-class security programs. Acting as an extension of our customers’ IT teams, EiQ’s SOCVue provides continuous security operations based on best-of-breed technology at a fraction of the cost of alternative solutions. EiQ is a trusted advisor to organizations that need to improve their IT security and compliance posture by protecting their infrastructure against cyber threats and vulnerabilities. To learn more, please request a demo today.