FDIC Information Security and Privacy Strategic Plan: 2018-2021: Theme 2 - Risk Management
A core component of cybersecurity and privacy activities is managing risk. As FDIC Divisions and Offices continue their reliance on technology, FDIC must be agile in preventing, detecting, and responding to cyber attacks that are ever increasing, both in number and sophistication. The environment poses many threats against many systems, with both known and unknown vulnerabilities, which makes it difficult for FDIC to address all of them. As such, the Corporation must understand threats specific to its environment. FDIC must also rank and prioritize information assets to implement protections commensurate with risks.
Proper risk management can more effectively guide the investments and resource levels required to address the areas posing the highest risk to FDIC information assets and infrastructure. The FDIC will maintain relationships with internal and external entities to collect, assess, and respond to cybersecurity threats and vulnerabilities, and will conform to a security architecture that manages system complexity and diversity in order to minimize risks. Continuing to mature and integrate risk management when implementing any of the following strategic objectives will allow FDIC’s OCISO, Divisions, and Offices to focus on what matters most in reducing the impact of cyber attacks should they occur.