FDIC Chief Information Officer Testifies on Cybersecurity Protocols

FDIC Chief Information Officer and Chief Privacy Officer Lawrence Gross outlined how the FDIC identifies, analyzes, reports and remediates cybersecurity incidents based on the risk of potential harm posed to supervised individuals or entities. He made his remarks before the Subcommittee on Oversight, Committee on Science, Space, and Technology of the U.S. House of Representatives.

Mr. Gross laid out the following procedures:

  • the FDIC relies on a combination of self-reporting by employees and automated monitoring tools in order to continually identify the risk of harm to individuals and entities;

  • the FDIC maintains a cybersecurity incident response and escalation plan to ensure the systematic collection and analysis of facts that are relevant to an event and that help to determine the risk of harm to individuals or entities in order to take appropriate action;

  • the FDIC continues to refine its cybersecurity incident reporting regime following the passage of the Federal Information Security Management Act; and

  • the FDIC has taken remedial steps to decrease the risk of sensitive information being exposed through the use of portable media.
