View original document

The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.

BOARD OF GOVERNORS
OF THE

FEDERAL RESERVE SYSTEM
WASHINGTON, D. C.  20551
DIVISION OF BANKING
SUPERVISION AND
REGULATION

SR 06-12
July 28, 2006
TO THE OFFICER IN CHARGE OF SUPERVISION,
APPROPRIATE SUPERVISORY STAFF AT EACH
FEDERAL RESERVE BANK, AND BANKING
ORGANIZATIONS SUPERVISED BY THE
FEDERAL RESERVE
SUBJECT:  FFIEC Information Security Booklet
The Federal Financial Institutions Examination Council (FFIEC) updated its
Information Security Booklet for examiners and financial institutions to reflect changes
in technology and mitigation strategies, as well as recent revisions to related
supervisory guidance. The discussion on risk assessments has been expanded to
provide more detailed guidance on identifying information security risks and evaluating
the adequacy of controls and applicable risk management practices. In addition, new or
revised material is included regarding authentication, monitoring programs, malware,
remote access, and other topics.
In addition to the revised Information Security Booklet, the FFIEC also
issued an executive summary of its IT Examination Handbook that contains a high level
synopsis of each of the twelve booklets that comprise the handbook. The Information
Security Booklet and the executive summary are available electronically via the Internet
through the FFIEC's InfoBase application at
http://www.ffiec.gov/ffiecinfobase/index.html.
Reserve Banks are asked to distribute this SR Letter to the banking
organizations supervised by the Federal Reserve, as well as to their supervisory and
examination staff. If you have any questions regarding the revised guidance, please
contact Stacy Coleman, Assistant Director, Operational and IT Risk Section, at
(202) 452-2934, Elton Hill, Senior Supervisory Financial Analyst, at (202) 452-2514, or
Ken Fulton, Supervisory Financial Analyst, at (202) 452-2314.
Roger T. Cole
Acting Director

Cross Reference:

SR letters | 2006
Home | Banking information and regulation
Accessibility | Contact Us
Last update: July 28, 2006

SR Letters 05-23, 05-19, 04-17, 04-14, 02-18, 02-6, 01-15, 0111, 00-17, 00-4, 99-8, and 97-32