(Recording + Free Digital Download) Hot Issues in Cyber Compliance, Including Recent Changes to the IT Handbook

Email to order the Recording + Free Digital Download

The proactive development of a robust and sustained information security program is critically important to the safety and soundness of your financial institution’s operations. Aligned with NIST’s framework and FFIEC’s Cybersecurity Assessment Tool, the amended Information Security Booklet, one of the 11 booklets that make up the Information Technology Handbook (IT Handbook), was updated to “help examiners measure the adequacy of an institution’s culture, governance, information security program, security operations, and assurance processes.”

This webinar will provide a high-level, non-technical overview of FFIEC’s amendments to the Information Security Booklet and how the updates can impact your financial institution’s information security program.

HIGHLIGHTS
Overview of the Information Security Booklet’s examination procedure changes: elimination of Tier I and Tier II procedures, creating a single risk-based safety and soundness examination protocol
Information Security Booklet’s alignment with FFIEC’s cybersecurity assessment tool
FinCEN’s new cyber-event and cyber-enabled crime reporting expectations and impact on monitoring
Overview of FFIEC’s three actionable bullet points to ensure a robust information security program:
Support the institution’s IT risk management process by identifying threats, measuring risk, defining information security requirements, and implementing controls
Integrate with lines of business and support functions in which risk decisions are made
Integrate third-party service provider activities with the information security program
White House statement on the report of the Commission on Enhancing National Cybersecurity

TAKE-AWAY TOOLKIT
FFIEC’s Information Security Booklet weblink (September 2016)
FinCEN’s cyber-event advisory with frequently asked questions (October 2016)
Commission on Enhancing National Cybersecurity report (December 2016)
Automated FFIEC cybersecurity assessment tool spreadsheet (FS-ISAC)
Template for wire authentication and validation procedures
Employee training log
Quiz you can administer to measure staff learning and a separate answer key

Attendance verification for CE credits provided upon request.

WHO SHOULD ATTEND? Risk management, including information security, risk, compliance, audit, and legal staff, as well as board and audit committee members.

ABOUT THE PRESENTER – Brian W. Vitale, NCCO, CAMS-Audit, Compliance Advisory Services, earned his Political Science degree from North Central College in 1996 and an MBA from the University of Notre Dame in 2014. Brian was recruited by the National Security Division of the FBI where he specialized in counterterrorism and foreign counterintelligence. In addition, he is a decorated veteran who served in Guantanamo Bay, Cuba in the early 1990s. Subsequent to the FBI, Brian spent many years in banking and finance where his skills led him to the field of Global Operational Risk Management. He has over 23 years of banking, finance, and investigative experience. In July 2011, Brian joined a community financial institution and currently serves as their chief risk and compliance officer. He speaks nationally on BSA, anti-money laundering, enterprise risk management, cybersecurity, and strategy.
