TIM-6705 v1

Federal Financial Institutions Examination Council. (n.d.). II.C.4 control implementation. FFIEC.
This resource gives guidance on how controls should be implemented to align with the organization’s security.

Guan, L. (2019). Finance CIOs must review security controls now.
This resource made a case for why financial services must immediately assess their current security controls to ensure they comply with cybersecurity requirements.

Center for Internet Security. (n.d.). The 20 CIS controls & resources.
This resource lists 20 critical controls and resources in different categories (basic, foundational, and organizational) to help organizations cybersecurity and combat cyberattacks. Click on each list to learn more.

Clozel, L. (2016, August 9). Promises to 'Adjust' cybersecurity controls. American Banker, 1(152).
This resource shares the FDIC slate of new data-protection measures and lists a series of new efforts to mitigate cyber-attacks.

National Institute of Standards and Technology. (2020, September). NIST Special Publication 800-53, Revision 5: Security And Privacy Controls for Information Systems and Organizations.
This resource provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks, including hostile attacks, human errors, natural disasters, structural failures, foreign intelligence entities, and privacy risks. Focus reading on Executive Summary.

Benardo, M. B., & Weatherby, K. M. (2015). A framework for cybersecurity.
This resource gives an account of the evolving cyber threat landscape and the U.S. government’s response to enhance the security and resilience of the nation’s critical infrastructure sectors. It also depicts how components of financial institutions’ information security programs, including corporate governance, security awareness training, and patch-management programs, should be enhanced to address cybersecurity risks, and concludes with an overview of actions taken by the federal banking agencies to respond to cyber threats.