Mike Riggs

Mike Riggs
on July 11, 2018

How to boost your FFIEC CAT score, Part 1: What the CAT dragged in

How to boost your FFIEC CAT score, Part 1: What the CAT dragged in

Since the Federal Financial Institutions Examination Council (FFIEC) introduced the Cybersecurity Assessment Tool (CAT) a few years ago, financial institutions have finally recommended a prescriptive path to operational cybersecurity maturity.

So what has the CAT brought us?

  • Financial institutions welcomed the CAT. While institutions aren’t required to complete the assessment, examiners use it as their framework when assessing institutions during exams. The CAT was intentionally vague and lacked specific guidance; but it did act as a tool that gave institutions the right amount of autonomy to grow in the areas they saw fit while adhering to the suggested path to maturity. It introduced new concepts, including Domain II, which covered complex topics in Threat Intelligence and Information Sharing.

  • It’s tough to evolve beyond the baseline requirement of “belonging or subscribing to a threat and vulnerability information sharing source that provides information on threats”. At my institution, we were already ahead of the curve by belonging to the FS-ISAC and being active with their various Community Institution and CyberIntel mailing lists, but the volume of information coming through was too much and mostly unactionable at a small institution like ours. There was a struggle to find a product to help cover the information overload and make the information actionable without increasing headcount or level of effort in information security resources.

  • This gap in coverage is where Perch Security has found a niche in financial services. I was a Perch user before I was an employee. I loved the product because Perch boosts an organization’s CAT Domain II maturity level and helps cover many other controls that are part of a well-defined cybersecurity program. From threat intelligence detection and response to participation in threat intelligence communities, Perch helps make up shortfalls in stretched budgets of financial institutions by backfilling with People (managed 24x7 SOC services), Process (helping bring structure around escalation and initiation of incident response and threat intel consumption) and Technology (automating the detection of the threats on your network).

Look for future blog posts From Michael Riggs, CISSP, that will cover achieving maturity in specific CAT domains.

We'd love to hear your thoughts. Find us on Twitter, LinkedIn or write in to hello@perchsecurity.com

Next: React in Outlook? How we built the Weekly Indicators Summary

Share this on:

Mike Riggs

Mike Riggs
on July 11, 2018

Recent Posts

React in Outlook? How we built the Weekly Indicators Summary

React in Outlook? How we built the Weekly Indicators Summary
Supercharge your SOC: 3 security playbook ideas with the Perch API

Supercharge your SOC: 3 security playbook ideas with the Perch API
Customer Insights: John Nelson reacts to the HITRUST and American Medical Association Cyber Risk Announcement

Customer Insights: John Nelson reacts to the HITRUST and American Medical Association Cyber Risk Announcement
Perchy Subscribe to our blog

© Perch Security 2022