CISOs of leading organizations agree that a systematic and unified approach to the cyber security
assessment of their organization is an essential step to data security. Several competing as well as
complementary data security standards regarding DLP have been created by various security
standards councils and service providers. These include the following:
The FFIEC CAT was developed by the council members to provide a comprehensive guide to help
organizations identify their cybersecurity risks or shortcomings. The CAT then provides applicable
steps to secure their cybersecurity preparedness based on their organization type and the threats
they may face. The benefits to the organization of employing the data security assessment include
the following:
For the organization's CISO, CIO or CEO, it is recommended that the following action items be
considered in support of the implementation:
- Review and approve as well as support the risk management plans to control gaps
- Engage all key managers to establish and embrace the organization's risk appetite and overall strategic direction and goals
- Develop and/or approve the plan to conduct the assessment including the appointment and allocation of resources to execute the CAT
- Analyze and present the results of the CAT to the board, key stakeholders and any appropriate managers and/or committees
- Approve and review plans and actions of those responsible for monitoring the organization's cybersecurity exposure and response actions
Due to the FFIEC CAT structure and stepwise process, this cybersecurity assessment tool has
become a principal tool for auditors and examiners. The structure is best represented by the
following diagram of the five domains the CAT addresses and the factors considered for
assessment:
Although it can seem to be a daunting task, having a systematic overview of the CAT structure as
well as concise detail of each section has proven to be essential to a successful launch and
execution. To acquire this helpful guide, download our complimentary white paper How Security
Officers Optimize FFIEC CAT.