Threat Intelligence Program (#324)
This product includes:
- Threat Intelligence Program: Documents the requirements for the institution’s threat intelligence program, including: threat intelligence sources, the monitoring process, the analysis and response process, documentation requirements, and the reporting process
- Threat Tracking Summary Worksheet: Microsoft® Excel-based workbook for tracking threat notifications and responses
- Threat Tracking Detail Worksheet: Microsoft Word-based worksheet for tracking details about the threat analysis and response process performed for each specific threat
- Information Systems Event Management Policy: Policy template that documents the requirements for information systems event management procedures
- Event Management Procedures for Specific Systems Worksheet: Excel-based workbook for documenting the event management procedures for each information system
Requires Microsoft® Excel 2007 and Word 2007 or higher.
Cybersecurity Assessment Workbook (#310)
This Excel-based workbook is designed to allow a financial institution to complete the FFIEC’s Cybersecurity Assessment Tool in an electronic format that automatically summarizes the results of the data entered to save the institution time while providing accurate documentation for the assessment. The workbook assists in the identification of the Inherent Risk Profile and the evaluation of the financial institution’s Cybersecurity Maturity Level for the five domains identified by the FFIEC. Financial institutions should consider completing the cybersecurity assessment annually and prior to offering any new products or services.
See the screenshots below for samples of the summary reports.
Inherent Risk Summary
Domain Maturity Level Summary
Requires Microsoft® Excel 2007 or higher.
Cybersecurity Policy (#313)
Written to assist all affected directors, officers, and staff in understanding and managing cyber risks. Topics include threat intelligence, situational awareness, risk assessment, inventory log management and monitoring, strategic planning, incident response, change management, staffing, training, and vendor management.