Cybersecurity Seminar - Lexington

October is Cybersecurity Awareness Month!

Seminar 9 a.m. - 4 p.m. local time. Registration begins at 8:30 a.m. with breakfast.

We will identify the components of a comprehensive Information Security Program that enables successful IT examinations and minimizes your risk from real-world threats. This seminar will walk you through various FFIEC and FDIC resources, as well as other industry best practices. It will also review the FFIEC Cybersecurity Assessment Tool (CAT) and the 10 CAT Baseline controls most commonly missing at financial institutions.

FFIEC Guidance and GLBA Overview

Banking guidance continues to evolve as our cybersecurity challenges increase. Sometimes it seems that cybersecurity challenges are growing faster than we are evolving. We will review GLBA requirements and highlight some of the newest regulatory requirements from the FFIEC, including the updated CAT. These will establish the foundation of what must be incorporated in our Information Security Programs. We will discuss the FFIEC Information Security Booklet and its 21 security controls; the FFIEC Management Booklet and the roles and responsibilities it outlines for IT Operations vs. Information Security, as well as Senior Management and the Board; and the FFIEC Mobile Financial Services Guidance, which is included in the Retail Payments booklet.

Cybercrime Trends

Cybercriminals are always searching for innovative ways to steal our data and our money. Sometimes existing techniques are improved, as we have seen with sextortion phishing scams, and sometimes new attack vectors surface, as with ATM jackpotting and unlimited operations. We will explore the following areas to expose the complex and organized nature of cybercrime:
  • Phishing Attacks
  • System Vulnerabilities
  • Business Email Compromise (BEC)
  • Ransomware
  • ATM Fraud

Top 10 Missing CAT Baseline Controls

The Federal Financial Institutions Examination Council (FFIEC) updated the Cybersecurity Assessment Tool (CAT) in June of 2017, and the CAT continues to be an active part of regulatory exams. Within the CAT, the Baseline controls represent the minimum level of security that every financial institution is expected to achieve and maintain. We will review the most commonly missed Baseline controls and how institutions might address those gaps. New security controls are also emerging in our industry, and we will explore some of these best practices to fortify our networks.

FDIC InTREx Overview

FDIC's InTREx (Information Technology Risk Examination) was published in 2016 and is being used by the FDIC, the Federal Reserve, and most state banking regulatory departments as an IT exam framework. We will review how InTREx is structured, common challenges, and how to prepare for your next examination by reviewing InTREx. There is a common set of documentation referenced within InTREx; we will extract those items and review the other controls toward which InTREx guides institutions. We will also compare the FFIEC CAT process against InTREx.

Information Security Programs

All banks are required to have a written, comprehensive Information Security Program that starts with a risk assessment. This section will outline the primary components of an Information Security Program to ensure your organization has a solid foundation on which to build its information security governance. A risk-based Information Security Program has three major elements: Risk Assessment, Documentation, and Audit. We will explore these three areas, as well as how the risk assessment process drives the creation of documented policies, procedures, and plans that the institution can then implement. We will also discuss how the audit process then provides verification that those controls are both implemented and adequate.

Cybersecurity Culture and Training Programs

The human element of information security is an increasing target for cybercriminals and is generally considered the weakest area in information security. Security awareness and training on proper protocols are essential elements of good security and regulatory compliance. We will discuss many methods of constructing an adequate security awareness and training program for both employees of your bank and customers of your online products and services. The program should build awareness of cybersecurity issues, train people on what is expected of them, and establish clear accountability for the employees and management responsible for protecting customer information. These elements can help establish a lasting culture that includes a passion for protecting customer information and a desire to be successful against cybercrime.

Who Should Attend

This seminar is ideal for Information Security Officers and Information Technology staff, but it will also provide great value to Compliance Officers, Auditors, Presidents, and Boards of Directors.

Cancellation Policy

Cancellations received more than 30 days prior to the event will receive a full refund. Cancellations received between 29 days and 10 days prior to the event will be charged a $50 processing fee. There will be no refund for cancellations received less than 10 days prior to the event. Substitutions are always welcome and encouraged. All cancellations and substitutions must be submitted in written format prior to the event.

When

10/17/2019 - 10/17/2019

Where

Indiana Wesleyan
2530 Sir Barton Way
Lexington, KY

About the Speaker(s)

Chad Knutson
SBS CyberSecurity, LLC