多宝游戏下载

Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it鈥檚 official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you鈥檙e on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
INACTIVE
This page is no longer active. Its content has expired or been rescinded by the 多宝游戏下载.

FFIEC INFORMATION TECHNOLOGY EXAMINATION HANDBOOK

Information Technology / Cybersecurity
February 12, 2003


TO: CHIEF EXECUTIVE OFFICER (also of interest to Chief Information Officer)
SUBJECT: New Information Security Guidance for Examiners and Financial Institutions
Summary: The Federal Financial Institutions Examination Council (FFIEC) has issued a booklet with revised guidance for identifying institutions' information security risks and evaluating their risk-management practices. This is the first in a series of updates to the 1996 FFIEC Information Systems Examination Handbook , which will eventually replace the1996 handbook and comprise the new FFIEC Information Technology (IT) Examination Handbook .

On January 29, 2003, the Federal Financial Institutions Examination Council (FFIEC) issued revised guidance for examiners and financial institutions to use in identifying information security risks and evaluating the adequacy of controls and applicable risk- management practices of financial institutions. This guidance 鈥 The Information Security Booklet 鈥 is the first in a series of updates to the 1996 FFIEC Information Systems Examination Handbook . These updates will address significant changes in technology since 1996 and incorporate a risk-based examination approach.

The safety and soundness of the federal financial services industry and the privacy of customer information depend on the security practices of banks, thrifts and credit unions. The Information Security Booklet describes how an institution should protect and secure the systems and facilities that process and maintain information. Financial institutions and technology service providers (TSPs) should maintain effective security programs, tailored to the complexity of their operations.

The FFIEC plans to issue updates in separate booklets that will ultimately replace all chapters of the 1996 handbook and comprise the new FFIEC Information Technology (IT) Examination Handbook . In addition to the booklet on information security, future booklets will address business continuity planning, electronic banking, IT audits, payment systems, outsourcing, IT management, computer operations, and systems development and acquisition.

The FFIEC agencies plan to distribute these booklets electronically to financial institutions and TSPs via the Internet through the FFIEC鈥檚 InfoBase application. The InfoBase will include each booklet in Adobe Acrobat PDF file format, as well as an online version with links to various resource materials and an orientation to the handbook update process.

The electronic version of The Information Security Booklet is available at www.fdic.gov/regulations/information/information/FFIEC.html and www.ffiec.gov/guides.htm.

For more information about information security, please contact your 多宝游戏下载 Division of Supervision and Consumer Protection Regional Office.

For your reference, 多宝游戏下载 Financial Institution Letters may be accessed from the 多宝游戏下载鈥檚 Web site at http://www.fdic.gov/news/financial-institution-letters/2003/index.html.

Michael J. Zamorski
Director

Distribution: 多宝游戏下载-Supervised Banks (Commercial and Savings)

NOTE: Paper copies of 多宝游戏下载 financial institution letters may be obtained through the 多宝游戏下载's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342, option 5, or (703) 562-2200).


FIL-11-2003

Last Updated: February 12, 2003