To ensure your institution is following these best practices, we encourage you to take the steps to collaborate with your regulators and your peers. Your institution and Kansas are not an island. Cybersecurity has no borders and crosses infrastructures. We must collaborate and share information. To help you better collaborate and focus on the fundamentals, we recommend you follow this three step process now to get your organization started:

    • Adopt a budget for meeting your cybersecurity strategy within a reasonable time period.

    • Hire an audit firm to review the implementation of your framework rather than for minimum regulatory guidelines (a mock FFIEC exam).

Staying cyber-secure is not as simple as completing a single checklist. It is not a project that you do once and are finished, it is an ongoing process that evolves with the industry and emerging threats. By following the above steps, you will be better positioned for a more secure future.

The Office of the State Bank Commissioner works with other state regulators across the U.S., federal regulatory agencies, the U.S. Treasury Department, Federal Law Enforcement agencies to identify ways to protect institutions from cyber-attacks.

Resources below are provided by trusted sources and are generally considered industry best practices:


CSBS Ransomware Self-Assessment Tool 2.0 – Updated October 2023

CISA – Stop Ransomware / Ransomware Best Practices

Self-Assessment Tools

NIST Cybersecurity Framework

FFIEC Cybersecurity Assessment Tool

Security Controls

Center for Internet Security Controls

NIST – Security & Privacy Controls for Information Systems

Remote Work

CISA – Telework Guidance

CISA/NSA – Hardening Remote Access VPN

Additional Resources

CSBS Cybersecurity 101

FFIEC IT Examination Handbooks

SANS – Cybersecurity Training

Comments are closed.

Close Search Window