Webinars

The FSSCC has released a new cybersecurity framework called the “Cybersecurity Profile.” The Profile is a standards-based tool to help guide financial services institutions in developing and maintaining a cybersecurity risk management program.  The new framework option has people asking a lot of questions:

• How is it different than the Cybersecurity Assessment Tool?
• Will it be used by US regulators?
• Is it more efficient than the other frameworks on the market today?

Join SBS as we review the framework and provide answers to these and other common questions.

Date: Wednesday, December 19, 2018
Time: 2:00 - 3:00 PM CST
Price: Free
Date not work for you? That's ok! All registrants will receive the webinar recording.

Description: With the new year quickly approaching, it's time to start looking forward to what will be coming our way in the world of cybersecurity. Join SBS as we countdown the top cybersecurity trends to watch in 2019.

Complete this form to register:
Note: Please use your business email address. Registrations are reviewed and generic email domains may be canceled. 

Trouble viewing the form? Register at https://attendee.gotowebinar.com/register/8063974803698860555

While most horror stories are works of fiction designed to keep you up at night, the horror stories we will be sharing are real-life cybersecurity events with outcomes that will haunt your dreams if you aren't properly prepared. Join SBS, if you dare, as we wander deep into the dark and scary corners of cybersecurity, full of data loss, reputational damage, business closing, and financial devastation. We will share a variety of cybersecurity horror stories and what could have been done to prevent the unfortunate outcomes. 

We are bringing it back!  Last year, as part of our celebration of National Cybersecurity Awareness Month, SBS hosted a special Hacker Hour that featured a virtual security awareness round table.  We focused the discussion on building a stronger security culture in your organization. In the end, over 300 registrants shared ideas that we put into a free downloadable guide called "34 Unique Ideas to Create a Culture of Cybersecurity."

We would like to invite you to join us for this open discussion as we discover new security awareness ideas and techniques that are helping organizations create a stronger security culture.  An updated download documenting the 2018 ideas for creating a culture of cybersecurity will be shared following the webinar.

A Business Impact Analysis (BIA) is the first and most important step to creating an effective Business Continuity Plan, yet many organizations skip or skim through it. Join SBS as we examine the essential components of a simple, but powerful, BIA and discuss how your table top testing program can be used to verify that your BIA is sufficient.

The heavy adoption of the FFIEC CAT Tool, the release of the INTREX examination procedures, and the unrelenting focus on cybersecurity have caused financial institutions to be a little more anxious about their upcoming IT examinations. 

Fortunately, SBS works with institutions in nearly every state, so we have seen a very wide, but consistent, set of examination findings that your financial institution should know about.

Join this webinar as we discuss our experience and share some ideas of what you can do to better position your institution for a successful IT examination.

Every year SBS send its finest to Las Vegas to the annual DEF CON convention, which is one of the oldest and largest hacker conventions around. These annual conferences feature presentations by leading ethical hackers, FBI, and NSA agents. Join this special edition hacker hour as we discuss what we experienced at 2018 DEF CON, and what could impact you in the near future.

Topics will include:
- Kids hacking voting machines
- Social engineering village
- New way of accessing online banking data using OFX 
- Bypassing two-factor authentication by hacking voicemail
- NSA warnings

According to our research, the development of a Data Flow Diagram (DFD) is one of the most commonly missed baseline statements in the FFIEC Cybersecurity Assessment Tool. Many organizations struggle to find the value in a DFD and have a hard time getting started.

Join SBS as we discuss the guidance around DFDs and walk through examples of how you can create a DFD for your organization - and get value from it.

NOTE: Unfortunately, we had technical difficulty with the video recording of the live Hacker Hour. A CyberByte video of the topic was recorded in its place.

Research shows that 96% of the internet is not accessible by search engines like Google or Yahoo, and that number is growing at a much faster rate than the surface web. What does that mean for us? 

Join SBS as we get caught up with what is going on in the dark web. We will discuss how the dark web started, who uses it, and why everyone should be aware of what's lurking in it.

It has been seven years since the term "Corporate Account Take Over" or CATO took the industry by surprise and challenged financial institutions to do more to help secure their small business customers. Is CATO still happening today? You bet it is. 

Join SBS as we review guidance centered on CATO and walk through recent types of CATO that are challenging financial institutions.

According to the latest Verizon Data Breach Report, there were over 53,000 security incidents and 2,200 registered data breaches in 2017, which is an increase of about 20% from the year prior.

The increased probability of your organization experiencing a cyber incident enhances the need to create and maintain an incident response plan that can detect, contain, and eliminate the issue, then fully recover business operations. All while minimizing the overall reputational and financial damage to the company.

Join SBS for this free webinar in which we will discuss best practices to write and test your incident response plan.  We will also walk through some common scenarios that should be considered in your plan.

Regulators have made it clear that cybersecurity risk management and oversight is ultimately the responsibility of the Board of Directors. In theory, it makes sense for the board to be interested and engaged in what is going on in cybersecurity, however, that is not the case in some situations. 

For this Hacker Hour, we went straight to the source. We asked a selection of past Hacker Hour attendees to share the most common issues they struggle with when communicating cybersecurity needs to their Board. The responses fell into three main categories: 

• Frequency of FFIEC Cybersecurity Assessment completion and utilization of risk assessment data. 
• Information that should be provided to the Board on a consistent basis. 
• Tips for engaging and educating the Board. 

Join this month's Hacker Hour as we discuss how to boost cybersecurity from its hiding spot in the basement to a consistent topic in the boardroom.

Brian Krebs recently published an article sounding the alarm on security practices of third-party relationships that financial institutions depend on. As we all know vendor management is a challenge, and Krebs covers some great examples of how poor practices of your vendors can affect your security program, and potentially your reputation.

Join us to review this story and the challenges financial institutions face. There are many things we can do to improve our communications with our customers, strengthen vendor management programs, and reduce risks of sensitive information being disclosed in large data breaches like Equifax. 

This webinar will cover:

• Overview of the Krebs Story
• Big Beach Review, including Equifax's updated numbers
• Additional real-world examples of questionable vendor practices
• Improving vendor management processes
• Ideas to create vendor accountability
• Customer Communication

Read our take on Krebs' article in the blog post Sounding the Alarm on Poor Vendor Practices.

A written Information Security Program is required for organizations that are subject to GLBA scrutiny, however, it is also the linchpin for ANY organization to successfully protect sensitive data. Join SBS as we discuss the key components of a strong Information Security Program and explore the issues organizations have in designing and maintaining their program. We will also have a conversation about if and where Virtual CISO services could fit into your business. 

All attendees will receive an example blueprint of an Information Security Program as well as an example GLBA report.

Penetration testing continues to be a crucial component of a strong information security program, but not all penetration tests are created equal. It is crucial that your organization understands what value to expect from the testing. 

Join SBS as we walk step by step through the penetration testing process and discuss how your organization can be confident that you are getting value out of your current penetration testing program. We will also address the difference between a traditional penetration test and more modern approaches.

From the time the ball dropped to ring in the new year until you completed your final Cyber Monday purchase, cybersecurity breaches have been a staple on your newsfeed. What stands out with the cyber events of 2017 has been the sheer number of people affected. Millions of consumers had their personal information compromised and no industry was safe from experiencing a breach. What can you do to keep your organization out of the news and your customer data safe? 

Join SBS as we review the top five cybersecurity events of 2017 and what we can learn from them. 

The FBI has recently released an alert regarding “Unlimited Operation” attacks increasing against U.S. financial institutions. What do you need to know?

This session will provide detailed information on how to prevent the latest information security threats or ways to mitigate the latest vulnerabilities.

A well-developed IT Audit Program will govern this process and provide the Board of Directors with assurances that the Information Security Program is implemented and working. This session will examine in more detail how the IT Audit Program integrates with the Information Security Program.

Understanding how the internet is leveraged for crime gives us a better understanding of how to protect our institutions. This webinar will also explore the types of cybercrime affecting financial intuitions and how to counter these risks.

In this presentation, we will review both FFIEC CAT and InTREx processes; best practices using each, comparison of their differences, and how to leverage them together.

Knowing what threats are realistic for your institution and how to detect them is a challenging task. In this session we will explore possible threats that we should be prepared for and how to build a program to protect against them.

Join this session to see how the risk assessment process can not only be useful for conducting an organization-wide assessment for cybersecurity, but for many other aspects of information security risks.

Our upcoming webinar is a quick, no obligation way to learn more about our Certified Banking Security Manager course and the many benefits of certification to you and your institution. See why so many banking professionals rely on SBS Institute for their security training and education.

Explore traditional ways education has been deployed and look to improve those processes with more advanced and effective methods of patching our people. We will also look at best practices for addressing similar issues with business customers and highlight common educational practices.

A solid understanding of all the cybersecurity-related guidance released by FFIEC is key in ensuring all aspects of cybersecurity compliance are being addressed at your institution.

Cybercriminals know ATMs are loaded with cash and are investing significant resources in exploiting systems to extract the money. This session is intended to ensure that ATM security has moved up on your radar and been properly integrated into your risk assessment program.

The FFIEC Cybersecurity Assessment guidance has introduced a new term for our risk management practice: External Dependency Management. We will explore this new term in our guidance and better understand the requirements provided.

SBS has analyzed and identified the top 25 most common baseline controls not implemented by financial institutions. These are controls that financial institutions MUST complete regardless of their inherent risk score. This session reviews these 25 controls, as well as practical solutions your institution can use to implement these controls.

This discussion demonstrates a practical approach to business continuity and disaster recovery that builds upon your IT risk assessment.

Your information security program can be more than a document created for compliance. We will help develop a program that provides your institution with clear direction and guidance that meets and exceeds regulatory expectations while addressing real-world risks.

FFIEC Cybersecurity Assessments Tool encourages financial institutions to expand questioning around third party risk management practices and suggests more rigorous oversight. This webinar will explore best practices for Vendor Management, Third Party Risk Management, and Customer Risk Management.

Demos are held on Thursday of each week. You can pick a date that works for you upon registering. Join this webinar to discover the power of TRAC and easily create your company's detailed IT risk assessment. Develop your inherent risk, residual risk, and future risk scores that help make sound business decisions.

Demos are held on Thursday of each week. You can pick a date that works for you upon registering. Join this webinar to discover the power of TRAC and how it centralizes and manages all of your vendor relationships. We will walk through the risk assessment and selection process, and discuss how TRAC can instantly improves your ability to manage vendors.

Demos are held on Wednesday of each week. You can pick a date that works for you upon registering. Join this webinar to view a demo of the software and learn how SBS can partner with you to create a stronger security awareness program.