This is a livestream event.
Information Security Officer (ISO) Education
Tips & Techniques for ISO Success
Livestream Event
9:00 AM - 4:00 PM
Whether you are a new ISO or a seasoned veteran, the information security landscape shifts daily, requiring continuing and constant diligence. Staying on top of the latest trends, practical approaches, and regulatory expectations can be daunting. Let the Sawyers & Jacobs team make your life "ISO-easier" in this entertaining and informative session.
As noted in the recent updates to the FFIEC IT booklet on Information Security, “Management should designate at least one information security officer responsible for implementing and monitoring the information security program.” Further, the guidance notes, “Information security officers should report directly to the board or senior management and have sufficient authority, stature within the organization, knowledge, background, training, and independence to perform their assigned tasks.”
In addition to several related regulatory issuances, including Section 501(b) of the Gramm-Leach-Bliley Act (GLBA), the FFIEC agencies have strongly encouraged banks in recent examinations to provide formal training and education for their designated Information Security Officers (ISOs) as part of the banks’ information security programs.
Since the "Interagency Guidelines Establishing Information Security Standards" (501(b) guidelines) were established, the FFIEC agencies have applied enforcement actions if financial institutions do not establish and maintain adequate information security programs. Expect this trend to continue for banks that are unprepared, especially with the examiners’ new Information Technology Risk Examination (InTREx) Program which places increased emphasis on cybersecurity preparedness.
Join us for this entertaining, informative, bank-specific session that will provide your bank’s Information Security Officer with the knowledge and confidence necessary to take on this important responsibility.
Schedule
9:00 a.m. MORNING SESSIONS
Duties of the ISO: What Must be Done and What is a Waste of Time
Regulatory Expectations & Hot Buttons: Which Way the Examination Winds are Blowing in 2020
Programs, Policies, and Risk Assessments: Tackling Complexity with Simplicity
Risk Mitigation Best Practices
Noon Lunch/Peer Networking
1:00 p.m. AFTERNOON SESSIONS
Audit & Exam Prep: How the ISO Can Help
Current Cybersecurity Best Practices, Threats, & Case Studies
Incident Response: Oh Shoot! We’ve Been Hacked!
Customer Response: One Chance to Get it Right
Vendor Management Made Easier
Reporting to the Board (and Training Them) Without Inducing Sleep
4:00 p.m. Adjourn
Session Highlights
1. Information Security Defined
2. The Importance of Board Oversight
3. Senior Management Responsibilities
4. The Role of the ISO
5. Legal and Regulatory Issues
6. Gramm-Leach-Bliley Act (GLBA) Compliance
7. Anatomy of the Information Security Program
8. Performing the Information Security Risk Assessment
9. Audit’s Role in Testing Mitigating Controls
10. The ISO’s Role in Enterprise Risk Management (ERM)
11. Developing and Delivering a Powerful Security Awareness Program
12. Understanding Current Security Threats
13. Security Best Practices
14. Security Monitoring
15. Incident Response
16. Customer Response Program
17. Information Disposal
18. Engaging an Effective IT Audit
19. Cybersecurity Issues
a. FFIEC Cybersecurity Assessment Tool (CAT)
b. Bank-specific Cybersecurity Risk Assessment
c. Cybersecurity Assessment (in conjunction with IT Audit)
d. Penetration Testing
e. Vulnerability Scanning
f. Social Engineering
20. Service Provider Oversight
21. Reporting to the Board of Directors or the Audit Committee
Who Should Attend?
Instructors
Learn from three of the most experienced people in the industry. As consultants who are doing this work in client banks every week, your instructors can discuss practice, not just theory. Get expert interpretation, not just a reading of the regulations. Find out how information security incidents have been handled in banks across the nation and how you can protect your bank and mitigate information security risk effectively and affordably.
CPE and Certificate
Receive 6 hours of Continuing Professional Education (CPE) credits and a certificate of completion for this program.
Paul W. Barret, Jr. School of Banking is registered with the National Association of State Boards of Accountancy (NASBA), as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors, 150 Fourth Avenue North, Suite 700, Nashville, TN 37219-2417. Web site: www.nasba.org.
The Barret School of Banking offering of Information Security Officer Education is a “group-live” advanced level program for bankers and other financial professionals. No advanced preparation or other prerequisites are required for enrollment. Admission guidelines are stated on the application. For more information regarding administrative policies such as complaints or refunds, please contact the School office at 901-321-4000. Participants will receive 6 hours of Continuing Professional Education (CPE) credit for this program.
Note: This is a Sawyers & Jacobs LLC event presented for bankers and examiners only.
All content and materials (in print and electronic formats) are copyrighted and represent the intellectual property of Sawyers & Jacobs LLC. Any content or materials from this event are not to be reproduced or distributed, in any form. Individual handouts will be provided to paid registrants. Such handouts are for their use only and are not to be copied or shared with other banks or any other third-party.
© 2020, Sawyers & Jacobs LLC, All Rights Reserved.