Baking the Best ACET Pie for Your Credit Union

Baking the Best ACET Pie for Your Credit Union

Baking the Best ACET Pie for Your Credit Union 800 588 Andrew Hay
At the recent CUNA Technology Council and CUNA Operations and Member Experience Council Conferences in Chicago earlier this month, CUNA Chief Compliance Officer Jared Ihrig emphasized that cybersecurity is among the organization’s top examination priorities in 2019 and beyond. “Security, confidentiality, and integrity of member information remains a key supervisory priority for NCUA,” said Ihrig. NCUA will use the Automated Cybersecurity Assessment Tool (ACET) in their examinations of credit unions with $250 million and more in assets in 2019, and that will be expanded even further in coming years.
Though there are 5 cybersecurity domains defined, as depicted below, the majority of Credit Unions that we work with often skip the most important aspect of the ACET – the definition of the Inherent Risk Profile.
The Inherent Risk Profile identifies activities, services, and products organized by technologies and connection types, delivery channels, online/mobile products and technology services, organizational characteristics, and external threats. At first glance, it may appear to be an overwhelming task and you may think “OK, I’ll come back to this later after I implement the components of the Cybersecurity Maturity Domains.” Perhaps the best way to look at the Inherent Risk Profile is to compare the ACET to a recipe for baking a pie.
The Cybersecurity Maturity phase is essentially the ingredients for making your pie. Though these are necessary in order to create the pie, without knowing the ingredient measurements, you will have a very hard time turning the raw ingredients into something that is edible. This is where the Inherent Risk Profile phase comes into play. By identifying the risks for each category, your CU will be able to measure the amount of additional effort that is required to reduce your overall risk.
Returning to the pie analogy, the Inherent Risk Profile tells you how much (risk) of each ingredient (maturity domain) is required to make the best pie (ACET-based cybersecurity assessment) for your CU. It should be noted that the Inherent Risk Profile recipe and Cybersecurity Maturity ingredients will differ from CU to CU just like a pie will taste different from region to region based on available ingredients and kitchen available.
If your CU needs help better understanding the recepie or ingredients for a successful ACET pie, Lares would be happy to help. Please contact us today and we’ll make sure that your cybersecurity program is the best program for your CU, your employees, and your members.

Where There is Unity, There is Victory

[Ubi concordia, ibi victoria]

– Publius Syrus

Contact Lares Consulting logo (image)

Continuous defensive improvement through adversarial simulation and collaboration.

Email Us

©2024 Lares, a Damovo Company | All rights reserved.

Error: Contact form not found.

Error: Contact form not found.

Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Some types of cookies may impact your experience on our website and the services we are able to offer. It may disable certain pages or features entirely. If you do not agree to the storage or tracking of your data and activities, you should leave the site now.

Our website uses cookies, many to support third-party services, such as Google Analytics. Click now to agree to our use of cookies or you may leave the site now.