Video Game

FFIEC Cybersecurity Assessment Tool

Offered bi-monthly on Tuesday-Fridays in four four hour CPE events
Does your bank have the right level of maturity for your Cybersecurity Risk Management activities compared to the inherent risk levels?

The FFIEC Cybersecurity Assessment Tool (CAT) is a diagnostic testing tool that helps internal auditors identify a bank's level of inherent risk and determine the maturity level of their cybersecurity programs.

This training course looks at the way cybersecurity inherent risks can vary significantly based on the financial institution's activities. It is important for a bank's internal audit function to evaluate and analyze the financial institution's inherent risk levels to cybersecurity threats and vulnerabilities.

CAT, which is the basis for this training event, provides a method for measuring a bank's inherent risk levels across several categories, including delivery channels, connection types, external threats, and organizational characteristics.

This comprehensive training course is for anyone who wants to have a strong base of knowledge and understanding of the FFIEC CAT and its use within a banking institution.

This timely, 16 hour CPE training seminar is designed for the project director, project leader and individuals who have to create an effective cybersecurity assessment within their internal audit activities.

This comprehensive in-person event is designed for Internal Auditors, Compliance Analysts, Security Officers and Administrators. Let's learn, grow, and enhance our Security effectiveness! Sign up now!

Each attendee will receive 16 NASBA CPE hours. Government attendees will satisfy their Yellow Book (YB) requirements. A Certificate of Completion will be provided at the conclusion of the class.

Program Level of Understanding: Intermediate
Prerequisites: Basic understanding of auditing and IT security
Advance Preparation: Review Cybersecurity Assessment Tool
Delivery Format: On-site Training (Group-Live); Seminar (Group-Live)
NASBA Field(s) of Study: Auditing, Business Management & Organization, Information Technology
CPE Credits: 16, based on 50 minutes of instruction per hour

CPE Event Highlights

This course covers use of CAT to provide the internal auditor with a repeatable set of criteria with a maturity model measurement process for their cybersecurity program.


This audit process can allow for information to be passed to banking management of the inherent risks compared to the existing cybersecurity internal control preparedness.

This training event will position the audit leader to use CAT as the criteria for completing a review of the current state of a bank's cybersecurity program.

Learning Objectives

What you will learn:

  • Understanding the FFIEC guidance.

  • Learn about FFIEC Cybersecurity Priorities

  • Understand FFIEC CAT Inherent Risk Profile Assessment Categories

  • Understand FFIEC Risk Levels

  • Learn about Inherent Risk Categories and Ratings

  • Understand in detail the FFIEC CAT Maturity Assessment Category

Key Concepts on the Agenda

Section 1 - Contents of the FFIEC CAT
Section 2 - The FFIEC Assessment
Section 3 - Develop an Inherent Risk Assessment Profile
Section 4 - Assess the Maturity Level of Cybersecurity Program Components
Section 5 - Interpret and Analysis Assessment Results
Section 6 - Report the Results
Section 7 - Summary and Going Forward