Cyber Security Assessment
E3 has helped many financial institutions get a handle on and manage their cyber security risk using the Cybersecurity Assessment Tool (CAT) developed by the Federal Financial Institutions Examination Council (FFIEC). The CAT provides a repeatable and measurable process for financial institutions to measure their cybersecurity preparedness over time.
The CAT consists of two parts:
Inherent Risk Profile
The Inherent Risk Profile identifies the institution’s inherent risk before implementing controls. The Cybersecurity Maturity includes domains, assessment factors, components, and individual declarative statements across five maturity levels to identify specific controls and practices that are in place. While management can determine the institution’s maturity level in each domain, the CAT is not designed to identify an overall cybersecurity maturity level.
The Assessment covers the institution’s inherent risk profile based on five categories:
Technologies and Connection Types
Online/Mobile Products and Technology Services
Next, the assessment evaluates the institution’s Cybersecurity Maturity level for each of five domains:
Cyber Risk Management and Oversight
Threat Intelligence and Collaboration
External Dependency Management
Cyber Incident Management and Resilience