In 2019 we have seen more consistency and rigorous examination programs from both the state and federal level. The investments that regulatory agencies have made in Information Technology examination program updates is being noticed amongst financial institutions. For some institutions, you will find yourself using both processes to evaluate security or prepare for your examination.

These two programs have two different objectives. InTREx is used by FDIC examiners to conduct an examination against the institution where the FFIEC Cybersecurity Assessment Tool (CAT) can be both an examination tool and a self-assessment tool. Both provide extreme value to an institution when used properly. In this presentation, we will review both processes; best practices using each, comparison of their differences, and how to leverage them together.

It might seem excessive to follow two different processes for your institution. We can highlight ways to build a single model that can accomplish both objectives.

Covered Topics

  • Who is using InTREx?
  • InTREx Process
  • Top InTREx Findings
  • FFIEC Cybersecurity Assessment Tool (CAT) Process
  • Top Baseline Control Challenges
  • Pros and Cons of each process

Who Should Attend?

Information Security Officer, IT Manager, Risk Officer, Internal Auditor or other management team members looking for a solid understanding of the assessment process.