The Federal Financial Institutions Examination Council (FFIEC) requires that financial institutions implement an ongoing security process and institute appropriate governance for the security function, assigning clear and appropriate roles and responsibilities to the board of directors, management, and employees.

Financial institutions must maintain an ongoing information security risk assessment program that effectively:

  • Gathers data regarding the information and technology assets of the organization, threats to those assets, vulnerabilities, existing security controls and processes, and the current security standards and requirements
  • Analyzes the probability and impact associated with the known threats and vulnerabilities to their assets
  • Prioritizes the risks present due to threats and vulnerabilities to determine the appropriate level of training, controls, and assurance necessary for effective mitigation

A strategy should be developed that defines control objectives and establishes an implementation plan. Security strategies should include:

  • Appropriate consideration of prevention, detection, and response mechanisms
  • Implementation of the concepts of least permissions and least privileges
  • Layered controls that establish multiple control points between threats and organization assets
  • Policies that guide officers and employees in implementing the security program

As you strive to achieve, exceed and maintain FFIEC guidelines, you’re likely considering the following solutions:

Managed Detection & Response

Our security operations analysts monitor, investigate, and disrupt advanced threats in real time inside the perimeter – across your DNS and Active Directory servers, security devices, endpoints, and email servers.

Vulnerability Management

We use the latest threat-led intelligence, best practices, and leading technologies to scan, detect, and remediate vulnerabilities in your environment – before they can be exploited.

Managed Endpoint Detection & Response

More endpoints mean more threats. Our Managed EDR delivers visibility supported by machine learning and automation to prevent, detect, and remediate known and unknown threats at your endpoints.

Email Protection Services

Defend critical business communications against today’s sophisticated payloads and social engineering attacks with our integrated suite of services.

Secure Device Management

Our leading-edge Secure Device Management delivers critical functionality to strengthen the defense of users and digital assets in a modern, perimeterless world.

Why Is SilverSky Your Partner for Achieving FFIEC Guidelines?

  • For two decades, we have served more than 1,500 small to mid-sized financial institutions and have been held to the same stringent compliance regulations as many of our clients. SilverSky understands the financial services industry and provides purpose-built compliance and risk management solutions.
  • We deliver technology that offers a holistic view of security across your company, not just the single technology area that a point product covers.
  • We provide flexible and easy reporting across your entire security architecture, making compliance reporting much easier.
  • We help streamline and centralize your monitoring and management. This means your IT teams are more efficient and free to perform functions that increase your overall security.
  • We lessen the strain of technical and human resource complexity so you can continue to grow and add new services, safe in the knowledge that your defenses are stronger than ever.

Meet your obligations

Discover how SilverSky can help you meet and maintain your FFIEC Guidelines