You are here

Written by: Michael J. Unsworth
In our recent article “Cybersecurity Assessment Tool: Focusing on Cyber Risk Management and Oversight”, we focused on the first of five domains that are included in the FFIEC’s newly released Cybersecurity Assessment Tool. We now move onto the second domain and the associated assessment factors that will be considered in determining your institution’s maturity level.

The Threat Intelligence and Collaboration domain focuses on the institution’s procedures to identify and communicate threats. Effective processes in this domain will help the institution identify and mitigate threats before an incident occurs. There are three assessment factors the institution will need to assess to determine their maturity level:

  • Threat Intelligence
  • Monitoring and Analyzing
  • Information Sharing

In assessing threat intelligence, the institution must determine the level of involvement in the information sharing community and how that information is gathered and maintained. Determining the maturity level of the monitoring and analyzing assessment factor involves evaluating the processes in place to review, and act upon the information collected. Strong processes in this area will identify active threats against the institution, and the industry.

The information sharing assessment factor involves evaluating the institution’s information sharing process, and the extent and effectiveness of the institution’s ability to communicate identified threats. Communicating threats internally will ensure the risks are known by appropriate personnel, and will allow risk management to be implemented. Communicating threats to external parties will strengthen the network of trust relationships, and encourage the information sharing that will help the industry as a whole.

Assessment of the Threat Intelligence and Collaboration domain will help the institution gather and manage relevant threat information. Proper analysis will allow the institution to identify threats before it is impacted by them, and to properly mitigate risks posed by the threats.

If you have any questions or if you would like a review of your cybersecurity preparedness, please contact Michael J. Unsworth, IT Assurance Senior Consultant, at 617-933-3372 or