9:00 a.m. | MORNING SESSIONS
Duties of the ISO: What Must be Done and What is a Waste of Time
Regulatory Expectations & Hot Buttons: Which Way the Examination Winds are Blowing in 2020
Programs, Policies, and Risk Assessments: Tackling Complexity with Simplicity
Risk Mitigation Best Practices
Noon | Lunch/Peer Networking
1:00 p.m. | AFTERNOON SESSIONS
Audit & Exam Prep: How the ISO Can Help
Current Cybersecurity Best Practices, Threats, & Case Studies
Incident Response: Oh Shoot! We've Been Hacked!
Customer Response: One Chance to Get it Right
Vendor Management Made Easier
Reporting to the Board (and Training Them) Without Inducing Sleep
4:00 p.m. | Adjourn
Session Highlights
1. Information Security Defined
2. The Importance of Board Oversight
3. Senior Management Responsibilities
4. The Role of the ISO
5. Legal and Regulatory Issues
6. Gramm-Leach-Bliley Act (GLBA) Compliance
7. Anatomy of the Information Security Program
8. Performing the Information Security Risk Assessment
9. Audit's Role in Testing Mitigating Controls
10. The ISO's Role in Enterprise Risk Management (ERM)
11. Developing and Delivering a Powerful Security Awareness Program
12. Understanding Current Security Threats
13. Security Best Practices
14. Security Monitoring
15. Incident Response
16. Customer Response Program
17. Information Disposal
18. Engaging an Effective IT Audit
19. Cybersecurity Issues
a. FFIEC Cybersecurity Assessment Tool (CAT)
b. Bank-specific Cybersecurity Risk Assessment
c. Cybersecurity Assessment (in conjunction with IT Audit)
d. Penetration Testing
e. Vulnerability Scanning
f. Social Engineering
20. Service Provider Oversight
21. Reporting to the Board of Directors or the Audit Committee
Who Should Attend?
This session will appeal to Information Security Officers (ISOs), chief risk officers, auditors, compliance officers, technology & operations management, chief financial officers, board members, and anyone else responsible for information security or cybersecurity preparedness.
Instructors
Over 35 years of experience in the financial services technology field
Former community banker
Nationally recognized speaker, author, and teacher for the banking industry
Teaches the technology, payments, risk management and/or cybersecurity courses at five prestigious banking schools around the nation
Author of IT Auditing for Financial Institutions (2002)
Co-Author of The Art of Enterprise Risk Management for Community Banks (2014)
Contributor to BankersOnline (BOL Guru)
Leads sessions on technology for the Sheshunoff CEO Affiliation Network
Graduate of Christian Brothers University with a concentration in Information Technology Management and Telecommunications

Over 19 years of experience providing IT consulting services and solutions focusing on financial institutions
Adjunct faculty member at Christian Brothers University where he teaches Digital Forensics as part of the Cybersecurity and Digital Forensics degree program
Certified Information Systems Security Professional (CISSP), GIAC Penetration Tester (GPEN), and Systems Security Certified Practitioner (SSCP)
Co-author of the SSCP Study Guide and Training System
Specializes in cyber-security assessments including penetration testing, social engineering, vulnerability scanning, and data loss prevention (DLP)
Graduate of Christian Brothers University with a concentration in Information Technology Management and Telecommunications

Over 14 years of experience in the banking industry
Former Senior Bank Examiner for State Banking Department (regulatory compliance, financial soundness, and risk management)
Former community bank COO where he also served as his bank's ISO
Assists banks in IT Auditing and related risk management and information security issues
Licensed as a Certified Public Accountant (CPA) and a Certified Information Systems Auditor (CISA)
Graduate of Arkansas State University with a B.S. in Finance

Learn from three of the most experienced people in the industry. As consultants who are doing this work in client banks every week, your instructors can discuss practice, not just theory. Get expert interpretation, not just a reading of the regulations. Find out how information security incidents have been handled in banks across the nation and how you can protect your bank and mitigate information security risk effectively and affordably.