ABA Banking Journal

The Treasury Department’s Cybersecurity Checklist

April 29, 2015

Boiling down what really matters concerning cybersecurity is a tough but worthy exercise. During recent remarks, Deputy Treasury Secretary Sarah Bloom Raskin offered a checklist of what the Treasury Department thinks are the essential elements of cybersecurity. Here we examine how your bank can answer her challenge.

MAKE CYBER RISK PART OF YOUR BANK’S CURRENT RISK MANAGEMENT FRAMEWORK

  • Tailor your framework to the size and business operations of your bank.
  • Identify the cyber threats presented by your particular activities and operations and match those threats to the appropriate technology solutions.
  • Adopt policies, procedures and other controls to address identified cyber threats that your technology solutions cannot control and to reasonably anticipate possible breakdowns and overrides of that technology.
  • Employ highly qualified people to monitor and continually reassess the effectiveness of the deployed technology and controls, including those technologies or controls that are not directly operated by the institution.

USE THE NIST CYBERSECURITY FRAMEWORK

  • Identify your bank’s cyber posture and determine its risk profile and tolerance.
  • Develop organizational communication plans for responding to attacks.
  • Establish a common language and set of practices, standards and guidelines.
  • Apply your established risk-management approaches when the risks and associated controls are cyber-related.
  • Evaluate vendors and other third parties with access to your networks, systems and data.

UNDERSTAND THE SECURITY SAFEGUARDS THAT YOUR THIRD PARTIES HAVE IN PLACE

  • Know all vendors and third parties with access to your systems and data.
  • Ensure that those third parties have appropriate protections to safeguard your systems and data.
  • Conduct ongoing monitoring to ensure adherence to protections.
  • Document protections and related obligations in your contracts.

EVALUATE YOUR NEED FOR CYBER RISK INSURANCE

  • Know what it covers and excludes.
  • Know if it is adequate based on your risk exposure.
  • Leverage the qualification process to help assess your bank’s risk level.

ENGAGE IN BASIC CYBER HYGIENE

  • Know all the devices connected to your networks.
  • Know who has administrative permissions to change, bypass and override system configurations.
  • Reduce that number to only those who need those privileges.
  • Patch software on a timely basis.
  • Conduct continuous, automated vulnerability assessments.

SHARE INCIDENT DATA WITH INDUSTRY GROUPS

  • Join the Financial Services Information Sharing and Analysis Center.

HAVE AN INCIDENT PLAYBOOK AND A POINT PERSON FOR RESPONSE AND RECOVERY

  • Have a detailed, documented plan that designates who is responsible for leading the response-and-recovery efforts.
  • Choose a lead with exceptional organizational and communication skills because he or she will quarterback internal and external interactions.

DESIGNATE SENIOR LEADER AND BOARD ROLES DURING A CYBER INCIDENT RESPONSE

  • Designate when and which matters get escalated to the CEO.
  • Designate whether the full board or a committee—like risk or audit—is initially tasked to oversee the response from a governance perspective.
  • Participate in cyber exercises that simulate a cyber intrusion. Include the CEO, directors and other key players.

KNOW WHEN AND HOW TO ENGAGE WITH LAW ENFORCEMENT AFTER A BREACH

  • Have in your playbook when you should reach out to law enforcement.
  • Cultivate relationships with local U.S. Secret Service and FBI field offices.

KNOW WHEN AND HOW YOU WILL INFORM EVERYONE OF AN EVENT

  • Be transparent.
  • Avoid technical jargon and legalese and provide clear and consistent information.
  • Draft messages for various scenarios.

© 2025 American Bankers Association. All rights reserved.