The Federal Financial Institutions Examination Council (FFIEC) requires that financial institutions implement an ongoing security process and institute appropriate governance for the security function, assigning clear and appropriate roles and responsibilities to the board of directors, management, and employees.
Financial institutions must maintain an ongoing information security risk assessment program that effectively:
- Gathers data regarding the information and technology assets of the organization, threats to those assets, vulnerabilities, existing security controls and processes, and the current security standards and requirements
- Analyzes the probability and impact associated with the known threats and vulnerabilities to their assets
- Prioritizes the risks present due to threats and vulnerabilities to determine the appropriate level of training, controls, and assurance necessary for effective mitigation
A strategy should be developed that defines control objectives & establishes an implementation plan. Security strategies should include:
- Appropriate consideration of prevention, detection, and response mechanisms
- Implementation of the least permissions and least privileges concepts
- Layered controls that establish multiple control points between threats and organization assets
- Policies that guide officers and employees in implementing the security program
AS YOU STRIVE TO ACHIEVE, EXCEED AND MAINTAIN FFIEC GUIDELINES, YOU’RE LIKELY CONSIDERING THE FOLLOWING SOLUTIONS:
2B MANAGED EDR – WE’VE GOT YOU COVERED
Unified Prevention, Detection, and Response
A single, purpose-built endpoint agent is powered by machine learning and automation.
Protection Across Major Attack Vectors
Our SOC teams detect and respond to attacks across all major vectors, rapidly eliminating threats with fully automated, policy-driven response and rollback capabilities.
Broad Visibility in Real Time
We have complete visibility into your endpoint security environment with full-context and real-time forensics.
Our Managed EDR supports Windows, Mac OS, and most Linux platforms with on endpoint agents operating at machine speed.
Manual effort is reduced by automatically stringing together related EDR incidents to create an attack storyline.