FFIEC Requirements around Info Sec in a Financial organization
ankurj.hazarika
Member Posts: 56 ■■□□□□□□□□
in Security+
Team,
Can somebody point me towards a URL where I can find the requirements that FFIEC needs organizations to have in place? I have seen the FFIEC IT handbook but those are guidelines and not requirements, if I am not wrong.
Thanks a bunch in advance.
Ankur
Can somebody point me towards a URL where I can find the requirements that FFIEC needs organizations to have in place? I have seen the FFIEC IT handbook but those are guidelines and not requirements, if I am not wrong.
Thanks a bunch in advance.
Ankur
Comments
-
colemic
Member Posts: 1,568 ■■■■■■■□□□
That's the rub with FFIEC - there are no hard and fast rules or checklists to show what needs to be done. You just need to have the appropriate technology/controls in place, to satisfy the guidelines.Working on: CCSP, definitely, maybe. On the twitters: @mcole1008 -
ankurj.hazarika
Member Posts: 56 ■■□□□□□□□□
You are right, Colemic. I went through the FFIEC IT Handbook and I think Appendix A under Information Security is a valuable tool here in determining the requirements, since that's what Auditors would be looking for.
FFIEC IT Examination Handbook InfoBase - Appendix A: Examination Procedures