Written by: Nicholas Jesi, CISA
After previously covering the first four domains of the FFIEC’s Cybersecurity Assessment Tool, we now continue on to the fifth domain: Cyber Incident Management and Resilience.

Cyber incident management includes establishing, identifying, and analyzing cyber events; prioritizing the institution’s containment; and escalating information to appropriate stakeholders. Cyber resilience encompasses both planning and testing to maintain and recover ongoing operations during and following a cyber incident. There are three assessment factors that can be used to evaluate an institution’s maturity level within this domain: 

Incident Resilience Planning and Strategy incorporates resilience planning and testing into existing business continuity and disaster recovery plans to minimize service disruptions and the destruction or corruption of data. Institutions should not have a response plan that is limited to just IT functions. By incorporating response plans with business continuity plans, institutions can greatly reduce the impacts of a breach.

Detection, Response, and Mitigation refers to the steps management takes to identify, prioritize, respond to, and mitigate the effects of internal and external threats and vulnerabilities. Both physical (people) and logical (antivirus) resources must be utilized to detect and mitigate any potential breaches.

Escalation and Reporting ensures key stakeholders are informed about the impact of cyber incidents, and that regulators, law enforcement, and customers are notified as required. Even after a breach has been contained and eradicated, reporting to the necessary parties is crucial to maintaining the institution’s reputation and meeting its legal responsibilities.

Additionally, this domain stresses the importance of having a detailed incident response plan that includes procedures on how to respond to specific types of security threats such as malware, DoS attacks, ATM cash-out scams, and phishing attacks. Along with having a more robust plan, institutions should be performing tabletop tests to ensure that appropriate parties can adequately respond in the event of a real cyber incident.

If you have any questions or if you would like a review of your cybersecurity preparedness, please contact Nicholas Jesi, CISA, IT Assurance Supervisor, at 617-933-3373 or