top of page
FFIEC Cybersecurity Assessment Tool - In-Person

FFIEC Cybersecurity Assessment Tool - In-Person

Does your bank have the right level of maturity for your Cybersecurity Risk Management activities compared to the inherent risk levels?


The FFIEC Cybersecurity Assessment Tool (CAT) is a diagnostic testing tool that helps internal auditors identify a bank's level of inherent risk and determine the maturity level of their cybersecurity programs.


This training course looks at the way cybersecurity inherent risks can vary significantly based on a financial institution's activities. It is imperative for a bank's internal audit function to evaluate and analyze the financial institution's inherent risk levels to cybersecurity threats and vulnerabilities. The FFIEC CAT, which is the basis for this training event, provides a method for measuring a bank's inherent risk levels across several categories. The FFIEC Cybersecurity Assessment Tool focuses on five  categories of inherent risks; including delivery channels, connection types, external threats, and organizational characteristics.


This comprehensive training course is for anyone who wants to have a strong base of knowledge and understanding of the FFIEC Cybersecurity Assessment Tool and its use within a banking institution.


This timely, 16 hour CPE bank training course is designed for the project director, project leader and individuals who have to create an effective cybersecurity assessment within their internal audit activities.


This internal control training course will provide each attendee with 16 CPE Event Hours (YB). A certificate of completion will be awarded.


CCS also has professional staff that can assist your organization in doing a Cybersecurity Assessment Report. This link will take you to an example of our diligent inquiry work creating a cybersecurity assessment report for internal usage by a major insurance organization.

  • Details on Event Presentation

    The sessions will be as follows:

    Tuesday – 9:00 a.m. to 5:00 p.m.

    Wednesday - 9:00 a.m. to 5:00 p.m.

    We can schedule private virtual events on your timetable for three or more attendees.

    NASBA Program Disclosure

    Program Level of Understanding: Intermediate

    Prerequisites: None

    Advance Preparation: Review Cybersecurity Assessment Tool

    Delivery Format: Group Internet Based

    NASBA Field(s) of Study: Auditing, Business Management & Organization, Information Technology

    CPE Credits: 16, based on 50 minutes of instruction per hour

  • CPE Event Highlights

    This course covers use of FFIEC Cybersecurity Assessment Tool to provide the internal auditor with a repeatable set of criteria with a maturity model measurement process for their cybersecurity program.

    Using this bank audit program can allow for information to be passed to banking management of the inherent risks compared to the existing cybersecurity internal control preparedness.

    This CPE training event will position the audit leader to use FFIEC Cybersecurity Assessment Tool as the criteria for completing a review of the current state of a bank's cybersecurity program.

  • Learning Objectives

    What you will learn:

    • Understanding the FFIEC Cybersecurity Assessment Tool guidance.

    • Learn about FFIEC Cybersecurity Assessment Tool Priorities

    • Understand FFIEC Cybersecurity Assessment Tool Inherent Risk Profile Assessment Categories

    • Understand FFIEC Risk Levels

    • Learn about Inherent Risk Categories and Ratings

    • Understand in detail the FFIEC Cybersecurity Assessment Tool Maturity Assessment Category

  • Key Issues on the Agenda

    Section 1 - Contents of the FFIEC CAT
    Section 2 - The FFIEC Assessment
    Section 3 - Develop an Inherent Risk Assessment Profile
    Section 4 - Assess the Maturity Level of Cybersecurity Program Components
    Section 5 - Interpret and Analysis Assessment Results
    Section 6 - Report the Results
    Section 7 - Summary and Going Forward

  • Summary of the Subject Matter

    The FFIEC Cybersecurity Assessment Tool (FFIEC CAT) is a comprehensive training event offered by CCS that covers the fundamentals of FFIEC cybersecurity compliance. The in-person or webinar course provides a comprehensive overview of the FFIEC Cybersecurity Assessment Tool, including how to perform an FFIEC audit and the different types of audits involved in the process of cybersecurity assessment.


    This training is suitable for internal auditors, audit managers, and other compliance professionals, including those involved in bank compliance, internal control auditing, and auditing services.


    The FFIEC Cybersecurity Assessment Tool is a framework developed by the Federal Financial Institutions Examination Council (FFIEC) to help financial institutions assess their cybersecurity risk posture and determine their level of preparedness against potential cyber threats.


    The tool consists of a series of questions and scenarios that address various aspects of an organization's cybersecurity risk management program, such as governance, threat intelligence, incident management, and access controls. The answers to these questions provide insight into the maturity and effectiveness of the organization's cybersecurity risk management practices and help identify areas that need improvement.


    The FFIEC tool is designed to be flexible and scalable, allowing organizations of different sizes and complexities to use it effectively. By using the FFIEC Cybersecurity Assessment Tool, organizations can gain a comprehensive understanding of their cybersecurity risk posture and take the necessary steps to reduce their exposure to cyber threats.


    The FFIEC training covers the key components of the FFIEC CAT tool, which is designed to assist financial institutions in performing cybersecurity risk assessments. Participants will learn about the audit process and it is considers the auditing standards set by the Institute of Internal Auditors (IIA).


    This training is essential for those seeking to understand the complexities of FFIEC cybersecurity compliance. This was done in the form of bank compliance webinars and internal audit training. The course covers topics such as what an internal audit is, audit planning, audit compliance, and evaluating the maturity level of management control in auditing. It also provides a comprehensive understanding of the FFIEC audit process.


    Overall, the FFIEC Cybersecurity Assessment Tool training provides a comprehensive overview of the FFIEC CAT tool, the audit process, and meeting the standards set by the IIA. It is a must-attend event for those seeking to enhance their skills in cyber security assessment, bank compliance and internal audit performance, and it provides participants with a solid foundation in audit compliance and internal control in auditing a bank’s cyber security controls framework.

bottom of page