IT Security Risk Assessment
What are the requirements for an IT Security Risk Assessment?
Section 501(b) of the Gramm-Leach-Bliley Act of 1999 (GLBA) requires that banks have an Information Security Risk Management Program. One of the major components of the program is an ongoing risk assessment program. The FFIEC is fairly specific as to how this should be done. Admittedly, under the FFIEC guidelines a proper risk assessment is a large, difficult undertaking that mandates objectivity and requires a multidisciplinary approach.
How does CBC help community banks do risk assessments?
Community Banc Consulting, Inc. can conduct a compliant risk assessment for your bank that will help you learn about your IT infrastructure and satisfy the examiners. CBC uses a methodical process to evaluate the risks your bank faces and the controls that you have in place to mitigate those risks. We produce a concise report that you can discuss with your board of directors and examiners. We will also make suggestions as to what further controls you need to consider putting in place.
Once a risk assessment is completed, a bank can then develop policies that are supported by the assessment of its unique situation. This policy is generally referred to as the Information Security Policy.
To inquire about an IT Security Risk Assessment for your community bank, please contact us or call:
- Paul Elder at 614-848-3189 ext. 121
- Larry Krietemeyer at 614-848-3189 ext. 143
The expertise and learning that they bring to the organization are very helpful. Their professionalism, sharing of ideas, and willingness to sit and talk when we want them to are a big help.