The FFIEC’s Cybersecurity Assessment Tool was mapped to the NIST Cybersecurity Framework to help institutions identify their risks and determine their cybersecurity preparedness.

Additionally, the FFIEC IT Information handbook calls for “independent, comprehensive and effective audit coverage of IT controls,” and further states that “the board may delegate the design, implementation and monitoring of specific IT activities.” 

It's the IT leader's job to manage and secure the infrastructure of the organization. It's the Information Security Officer's job to safeguard your data, digital and otherwise, and to create a culture of security. These are complementary but distinctly independent roles. In fact, oversight of IT, with respect to information security, is the ISO's responsibility. One person should not hold both of these positions.

Delegation of Duties to 3rd Parties

“While the board may delegate the design, implementation and monitoring of certain IT activities to the steering committee, the board remains responsible for overseeing IT activities.” - FFIEC IT Handbook

To help ensure that the board is doing its due diligence, the FFIEC recommends considering the use of third parties to ensure a proper segregation of duties. All Covered can provide the board with guidance in ensuring that such structures are in place.

© 2019 All Covered is a division of Konica Minolta Business Solutions, USA, Inc.
