When

Thursday, December 17, 2020 from 9:00 AM to 4:00 PM CST

Where

This is a livestream event.

Contact

Lorri Johnson 
Sawyers & Jacobs LLC 
901-643-5562 
ljohnson@sawyersjacobs.com 
 

Information Security Officer (ISO) Education Thursday, December 17, 2020

(Rescheduled from March 26, 2020, Live Event) 

Information Security Officer (ISO) Education

Tips & Techniques for ISO Success

Livestream Event

9:00 AM - 4:00 PM

Whether you are a new ISO or a seasoned veteran, the information security landscape shifts daily, which requires constant diligence.  Staying on top of the latest trends, practical approaches, and regulatory expectations can be daunting.  Let the Sawyers & Jacobs team make your life "ISO-easier" in this entertaining and informative session.

As noted in the recent updates to the FFIEC IT booklet on Information Security, “Management should designate at least one information security officer responsible for implementing and monitoring the information security program.”  Further, the guidance notes, “Information security officers should report directly to the board or senior management and have sufficient authority, stature within the organization, knowledge, background, training, and independence to perform their assigned tasks.”

In addition to several related regulatory issuances, including Section 501(b) of the Gramm-Leach-Bliley Act (GLBA), the FFIEC agencies have strongly encouraged banks in recent examinations to provide formal training and education for their designated Information Security Officers (ISOs) as part of the banks’ information security programs.  

Since the "Interagency Guidelines Establishing Information Security Standards" (501(b) guidelines) were established, the FFIEC agencies have applied enforcement actions when financial institutions do not establish and maintain adequate information security programs.  Expect this trend to continue for banks that are unprepared, especially with the examiners’ new Information Technology Risk Examination (InTREx) Program, which places increased emphasis on cybersecurity preparedness.

Join us for this entertaining, informative, bank-specific session that will provide your bank’s Information Security Officer with the knowledge and confidence necessary to take on this important responsibility.

Schedule

9:00 a.m.         MORNING SESSIONS

                  Duties of the ISO:  What Must be Done and What is a Waste of Time

                  Regulatory Expectations & Hot Buttons:  Which Way the Examination Winds are Blowing in 2020

                  Programs, Policies, and Risk Assessments:  Tackling Complexity with Simplicity

                  Risk Mitigation Best Practices

Noon              Lunch/Peer Networking

1:00 p.m.         AFTERNOON SESSIONS

                  Audit & Exam Prep: How the ISO Can Help

                  Current Cybersecurity Best Practices, Threats, & Case Studies

                  Incident Response:  Oh Shoot!  We’ve Been Hacked!

                  Customer Response:  One Chance to Get it Right

                  Vendor Management Made Easier

                  Reporting to the Board (and Training Them) Without Inducing Sleep

4:00 p.m.         Adjourn


Session Highlights

1.  Information Security Defined

2.  The Importance of Board Oversight

3.  Senior Management Responsibilities

4.  The Role of the ISO

5.  Legal and Regulatory Issues

6.  Gramm-Leach-Bliley Act (GLBA) Compliance

7.  Anatomy of the Information Security Program

8.  Performing the Information Security Risk Assessment

9.  Audit’s Role in Testing Mitigating Controls

10. The ISO’s Role in Enterprise Risk Management (ERM)

11. Developing and Delivering a Powerful Security Awareness Program

12. Understanding Current Security Threats

13. Security Best Practices

14. Security Monitoring

15. Incident Response

16. Customer Response Program

17. Information Disposal

18. Engaging an Effective IT Audit

19. Cybersecurity Issues

    a.  FFIEC Cybersecurity Assessment Tool (CAT)

    b.  Bank-specific Cybersecurity Risk Assessment

    c.  Cybersecurity Assessment (in conjunction with IT Audit)

    d.  Penetration Testing

    e.  Vulnerability Scanning

    f.  Social Engineering

20. Service Provider Oversight

21. Reporting to the Board of Directors or the Audit Committee

Who Should Attend?

This session will appeal to Information Security Officers (ISOs), chief risk officers, auditors, compliance officers, technology & operations management, chief financial officers, board members, and anyone else responsible for information security or cybersecurity preparedness.

 

Instructors

Learn from three of the most experienced people in the industry.  As consultants who are doing this work in client banks every week, your instructors can discuss practice, not just theory.  Get expert interpretation, not just a reading of the regulations.  Find out how information security incidents have been handled in banks across the nation and how you can protect your bank and mitigate information security risk effectively and affordably. 

CPE and Certificate

Receive 6 hours of Continuing Professional Education (CPE) credits and a certificate of completion for this program.

Paul W. Barret, Jr. School of Banking is registered with the National Association of State Boards of Accountancy (NASBA), as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors, 150 Fourth Avenue North, Suite 700, Nashville, TN 37219-2417. Web site: www.nasba.org.

The Barret School of Banking offering of Information Security Officer Education is a “group-live” advanced level program for bankers and other financial professionals. No advanced preparation or other prerequisites are required for enrollment. Admission guidelines are stated on the application. For more information regarding administrative policies such as complaint or refund, please contact the School office at 901-321-4000.  Participants will receive 6 hours of Continuing Professional Education (CPE) credit for this program.

Note:  This is a Sawyers & Jacobs LLC event presented for bankers and examiners only.  

All content and materials (in print and electronic formats) are copyrighted and represent the intellectual property of Sawyers & Jacobs LLC.  Any content or materials from this event are not to be reproduced or distributed, in any form.  Individual handouts will be provided to paid registrants.  Such handouts are for their use only and are not to be copied or shared with other banks or any other third-party. 

2020, Sawyers & Jacobs LLC, All Rights Reserved.
