FDIC breaches prompt new cyber risk standards for the financial sector

The Federal Deposit Insurance Corporation (FDIC), a major banking regulator, was accused last year of covering up data breaches that occurred in 2010, 2011, and 2013. In each instance, the regulator’s computers were compromised by a foreign government.

Then, in 2015, an employee copied sensitive information about how banks handle bankruptcy to a thumb drive immediately before leaving the FDIC. The drive was recovered months later.

Changes to the financial services cybersecurity regulations

As a result of the breaches, a group of agencies (including the FDIC) published proposed federal rules on enhanced cyber risk management in October of last year. The rules address these five key areas:

  1. Cyber risk governance
  2. Cyber risk management
  3. Internal dependency management
  4. External dependency management
  5. Incident response, cyber resilience, and situational awareness

The period for submitting comments on the proposal closed on January 17, 2017. When the rules are finalized, it is likely that US financial institutions will have to implement more robust cybersecurity controls.

A key element of enhancing your cybersecurity measures will be documenting your policies and procedures.

Documenting cyber security policies

It’s important for all organizations to document their cybersecurity policies and keep them regularly updated. Doing so helps prove their commitment to protecting the information they handle, while also providing useful procedures for staff to follow when a breach occurs.

Policies are the driving force behind an ISMS (information security management system): they reflect the board’s attitude towards, and requirements in respect of, cybersecurity.

Writing a cyber security policy

It can be difficult to know where to start when writing cybersecurity policies: the scope they should cover, the level of detail, how accountability is asserted, and how they will fit into the organisation’s everyday business and objectives. But what if an expert could help you write them?

The ISO 27001 ISMS Documentation Toolkit does exactly that. It contains a set of pre-written documents that have been designed by implementation experts to help you record your policies correctly and easily. What’s more, the templates are all aligned with the internationally recognized cyber security standard, ISO 27001.

More than 23,000 companies worldwide are now certified to ISO 27001, and certifications are growing significantly across the US. Not only does the Standard help organizations prove their commitment to cybersecurity, it also helps them win new business.

Cyber security policy samples

Taken from the ISO 27001 ISMS Documentation Toolkit, this sample template will help you write your cybersecurity policy for supplier relationships.

This template can be tailored to your business, taking away the hassle of writing the policy from scratch.

Take a free trial of the ISO 27001 toolkit now >>

Find out more about the ISO 27001 toolkit here >>