Information Security Officer (ISO) Education Securing Your Bank’s Future

As noted in the recent updates to the FFIEC IT booklet on Information Security, “Management should designate at least one information security officer responsible for implementing and monitoring the information security program.”  Further, the guidance notes, “Information security officers should report directly to the board or senior management and have sufficient authority, stature within the organization, knowledge, background, training, and independence to perform their assigned tasks.”

In addition, several related regulatory issuances, including Section 501(b) of the Gramm-Leach-Bliley Act (GLBA), and in recent examinations, the FFIEC agencies are strongly encouraging banks to provide formal training and education for their designated Information Security Officers (ISOs), as part of the banks’ information security programs.

Since the “Interagency Guidelines Establishing Information Security Standards” (501(b) guidelines) were established, the FFIEC agencies have applied enf orcement options if financial institutions do not establish and maintain adequate information security programs.  Expect this trend to continue for banks that are unprepared, especially with the examiners’ new Information Technology Risk Examination (InTREx) Program which places new emphasis on cybersecurity preparedness.

Join us for this entertaining, informative, bank-specific session that will provide your bank’s Information Security Officer with the knowledge and confidence necessary to take on this important responsibility.

1.       Information Security Defined

2.       The Importance of Board Oversight

3.       Senior Management Responsibilities

4.       The Role of the ISO

5.       Legal and Regulatory Issues

6.       Gramm-Leach-Bliley Act (GLBA) Compliance

7.       Anatomy of the Information Security Program

8.       Performing the Information Security Risk Assessment

9.       Audit’s Role in Testing Mitigating Controls

10.    The ISO’s Role in Enterprise Risk Management (ERM)

11.    Developing and Delivering a Powerful Security Awareness Program

12.    Understanding Current Security Threats

13.    Security Best Practices

14.    Security Monitoring

15.    Incident Response

16.    Customer Response Program

17.    Information Disposal

18.    Engaging an Effective IT Audit

19.    Cybersecurity Issues

a.       FFIEC Cybersecurity Assessment Tool (CAT)

b.       Bank-specific Cybersecurity Risk Assessment

c.       Cybersecurity Assessment (in conjunction with IT Audit)

d.       Penetration Testing

e.       Vulnerability Scanning

f.        Social Engineering

20.   Service Provider Oversight

21.    Reporting to the Board of Directors or the Audit Committee

This session will appeal to Information Security Officers (ISOs), chief risk officers, auditors, compliance officers, technology & operations management, chief financial officers, board members, and anyone else responsible for information security or cybersecurity preparedness.

Instructors
Over 32 years of       experience in the financial services technology field. Former community banker. Nationally recognized   speaker, author, and teacher for the banking industry. Teaches the technology, payments, risk management and/or cybersecurity courses at six prestigious banking schools around the nation. Author of IT Auditing for Financial Institutions (2002). Co-Author of The Art of Enterprise Risk Management for Community Banks (2014). Contributor to BankersOnline (BOL Guru). Leads sessions on technology for the Sheshunoff CEO Affiliation Network and the Bank CEO Network. Graduate of Christian Brothers University with a concentration in Information Technology Management and Telecommunications.	Over 16 years of experience providing IT consulting services and solutions focusing on financial institutions. Adjunct faculty member at Christian Brothers University where he teaches Digital Forensics as part of the Cybersecurity and Digital Forensics degree program. Certified Information Systems Security Professional (CISSP), GIAC Penetration Tester (GPEN), and Systems Security Certified Practitioner (SSCP). Co-author of the SSCP Study Guide and Training System. Specializes in cyber-security assessments including penetration testing, social engineering, vulnerability scanning, and data loss prevention (DLP). Graduate of Christian Brothers University with a concentration in Information Technology Management and Telecommunications.	Over 16 years of banking experience including working in various departments of a multi-billion asset super community bank. Graduate of the University of Southern Indiana with a Bachelors of Science in Computer Information Systems. Graduate of the Paul W. Barret Jr., Graduate School of Banking. Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), and a Certified Information Security Manager (CISM). Specializes in risk management, IT Auditing, information security, business continuity, and Bank Secrecy Act Independent Testing.	Over 10 years of experience in the banking industry. Former Senior Bank Examiner for State Banking Department (regulatory compliance, financial soundness, and risk management). Former community bank COO where he also served as his bank’s ISO. Assists banks in IT Auditing and related risk management and information security issues. Graduate of Arkansas State University with a B.S. in Finance.

Learn from four of the most experienced people in the industry.  As consultants who are doing this work in client banks every week, your instructors can discuss practice, not just theory.  Get expert interpretation, not just a reading of the regulations.  Find out how information security incidents have been handled in banks across the nation and how you can protect your bank and mitigate information security risk effectively and affordably.

Ridgeway Country Club 9800 Poplar Avenue Germantown, TN  38139 (901) 853-2247	Embassy Suites Hotel 200 Township Place Ridgeland, MS  39157 (601) 607-7112	TBA Barrett Training Center 211 Athens Way Nashville, TN  37228 (615) 244-4871

Hampton Inn, 1280 W Poplar Ave, Collierville, TN

Marriott Courtyard, 4640 Merchants Park Cir, Collierville, TN

Residence Inn, 9314 Poplar Pike, Germantown, TN

Hyatt Place, 9161 Winchester Rd, Germantown, TN

Event will be held in the Embassy Suites Hotel, 200 Township Place, Ridgeland, MS.  We have a block of rooms reserved.

MEALS:  Continental breakfast, lunch, and refreshment breaks provided.