FFIEC Risk Assessment Services

Designing a security strategy can overcome compliance hurdles and help your organization keep client data secure. It further ensures you are compliant with the Federal Financial Institutions Examination Council (FFIEC) while providing peace of mind and protecting what matters most.

Drummond offers a comprehensive FFIEC Risk Assessment for financial institutions that identifies gaps in your security policies and practices. By conducting a risk assessment, your organization will gain compliance for key assets and IT systems with solid controls and frameworks in place.

Our team of experts and our services meet federal, state, and local regulatory requirements for the banking and financial services industry. The Drummond FFIEC Risk Assessment is designed to help you:

  • Test your network for vulnerabilities
  • Monitor networks for anomalies
  • Implement an incident response program
  • Train your staff on security awareness
  • Ensure third parties have adequate security controls in place

If you are interested in our FFIEC Risk Assessment Services, please complete this form and let us know how we may help you get started.

FFIEC Cybersecurity Assessment Tool

Due to the increasing volume and sophistication of cyber threats, the FFIEC developed the Cybersecurity Assessment Tool (Assessment) on behalf of its members to help institutions identify risks and determine their cybersecurity maturity.

The content of the Assessment is consistent with the principles of the FFIEC Information Technology Examination Handbook (IT Handbook) and the National Institute of Standards and Technology (NIST) Cybersecurity Framework, as well as industry-accepted cybersecurity practices.

The Assessment provides institutions with a repeatable and measurable process to inform management of their institution’s risks and cybersecurity preparedness and consists of two parts:

  1. Inherent Risk Profile
  2. Cybersecurity Maturity

The Inherent Risk Profile identifies the institution’s inherent risk before implementing controls.

The Cybersecurity Maturity includes domains, assessment factors, components, and individual declarative statements across five maturity levels to identify specific controls and practices that are in place. While management can determine the institution’s maturity level in each domain, the Assessment is not designed to identify an overall cybersecurity maturity level.

To complete the Assessment, management first assesses the institution’s inherent risk profile based on five categories:

  1. Technologies and Connection Types
  2. Delivery Channels
  3. Online/Mobile Products and Technology Services
  4. Organizational Characteristics
  5. External Threats

Management then evaluates the institution’s Cybersecurity Maturity level for each of five domains:

  1. Cyber Risk Management and Oversight
  2. Threat Intelligence and Collaboration
  3. Cybersecurity Controls
  4. External Dependency Management
  5. Cyber Incident Management and Resilience

Interested in Drummond’s FFIEC Risk Assessment Services?

The People of Drummond are here to help!
