Posted on September 9, 2014 by ashley
Due to recent data breaches and exposure of consumer information, Congress is paying special attention to cyber security issues. As a result, regulators must ensure that leaders at the very top of the organizations they regulate are aware of cyber security issues. To do so, regulators, such as the Federal Financial Institutions Examination Council (FFIEC), are incorporating cyber security risk assessments into their IT examination process and forcing institutions to think strategically about their information security and compliance programs.
Associations and analysts across regulated industries are urging leaders to prepare for more stringent oversight and governance of their information security programs and initiatives. According to a recent article from Bank Info Security, one banking institution executive, who asked not to be named, says regulators are already setting times for cybersecurity-related risk assessment exams to coincide with their regular IT exams, some of which are in the coming days.
Facing this increased scrutiny, organizations must be ready to prove they have strategic plans in place that ensure information security and compliance are part of their everyday business and that their leadership understands how emerging cyber-attacks could affect their business. With so many organizations outsourcing IT operations, it is important for leaders to remember that they are still responsible for the security of their enterprise and its customers.