FDIC Information Security and Privacy Strategic Plan: 2018-2021: Theme 3 - Governance
Theme 3 - Governance
Governance provides a mechanism for overseeing information security of key systems and for setting and enforcing security and privacy standards and practices within the FDIC. To accomplish this, information security and privacy must be an integral part of technology investment planning and the FDIC Enterprise Architecture, and the programs must be aligned with business functions and priorities. Adoption and integration of an enterprise security architecture will support proper business alignment, data governance, and application design principles, and will ensure systems are built on infrastructures that minimize architectural complexity and ensure cyber resilience.
FDIC is developing enterprise security principles, leveraging the Federal Enterprise Architecture Framework (FEAF) [3] and technical security architecture standards, which align with the FDIC Enterprise Architecture. FDIC’s implementation of effective oversight and communication mechanisms assures that the information security and privacy programs are meeting FDIC mission needs. This is done through frequent, regular interaction with FDIC business executives, analysis of performance and risk metrics and measures, conformance with a common security architecture, and risk-informed decision making.
[3] The FEAF v2.0 describes a suite of tools to help government planners implement the Common Approach to Federal Enterprise Architecture, released in May 2012. At FEAF’s core is the Consolidated Reference Model (CRM) to equip OMB and Federal agencies with a common language and framework to describe and analyze investments and provide traceability from strategic goals to the infrastructure that enables achievement of those goals.