Regulatory Guidance, Resources, and Standards
Financial institutions developing or reviewing their information security controls, policies, procedures, or processes have a variety of sources upon which to draw. First, federal laws and regulations address security, and regulators have issued numerous security-related guidance documents. (See Appendix B for a listing of laws, regulations, and agency guidance. See also the FFIEC IT Examination Handbook series of booklets, of which this booklet is a part.) Institutions also have a number of third-party or security industry resources to draw upon for guidance, including outside auditors, consulting firms, insurance companies, and information security professional organizations. In addition, many national and international standard-setting organizations are working to define information security standards and best practices for electronic commerce. While no formal industry-accepted security standards exist, these various standards provide benchmarks that both financial institutions and their regulators can draw upon for the development of industry expectations and security practices. Some standard-setting groups include the following organizations: