Webinars

Note: Webinars begin with a short Threat Update from the SBS Incident Response Center sharing what they are seeing in the world of incident response.

Quarterly firewall audits have been a baseline requirement for compliance since 2015 when the FFIEC Cybersecurity Assessment Tool (CAT) was released. Unfortunately, the FFIEC Information Security Booklet leaves much to the imagination on how, what, and where to conduct these firewall audits.  This lack of guidance has caused anxiety and confusion for some financial institutions.

Join SBS as we discuss what your organization can do to meet the baseline requirement and explore how other organizations are managing quarterly firewall audits - both internally and with their managed service providers (MSP).

Many organizations are implementing valuable internal phishing programs in order to ensure their employees can spot and report phishing emails.  At some point, organizations struggle with how to continue to challenge their employees and keep the phishing emails fresh.

Join SBS as we discuss tips and tricks to keep your internal phishing program fresh and continually push the maturity level of your security awareness program.

Cybercriminals and software companies are in a race to the finish line - finding a vulnerability - with very different ideas of what winning the race means. Software companies are looking to cross the finish line first by identifying a vulnerability and releasing a patch to protect against an exploit. While the criminal is looking to "win" by exploiting any unpatched systems. As a result, we are seeing more organizations of all shapes and sizes looking to implement a more robust scanning program to identify any unpatched vulnerabilities and protect the integrity of their network.
 
Join SBS as we discuss the answers to your common vulnerability assessment questions and offer guidance on what you can do with your program.

You asked for it.  You got it!  Join us as we host a second session on SOC 2 reporting.  We will take a deeper dive into the challenges of completing a SOC 2 review.

Join us as we discuss the struggles that organizations have when dealing with SOC 2 reporting. We will review what a SOC 2 report entails, why they are important, tips on going through the review process, and how to read and document responses. Registrants will also receive a SOC 2 questionnaire.

Business email compromise (BEC) is a scam where an attacker sends an email that appears to be from an executive in an attempt to trick recipients into clicking a malicious link, sharing sensitive information, or even sending money directly to the attacker. The FBI recently warned that this type of attack has cost U.S. businesses more than $1.6 billion in losses over the past six years. In 2018 we saw BEC become one of the leading attack types, mainly because of how difficult it is to detect.

Join SBS as we discuss common BEC attacks, tips to tell your customers, and simple steps in an initial  BEC investigation.

The “Gramm-Leach Bliley Act” (GLBA), also known as the Financial Services Modernization Act of 1999, mandates that financial institutions protect the confidentiality and security customer personally identifiable financial information.  Communicating to the Board of Directors what was truly accomplished during the past year in an annual state-of-information-security report allows them to understand and approve how the organization is complying with GLBA. Creating a repeatable, specific GLBA report template will improve the efficiency of the reporting process and relieve some of the stress of aggregating all the data needed for a comprehensive report. 
 

Join SBS as we outline a comprehensive and repeatable template that can be used to build your own annual GLBA report. We will walk through the essential report components and troubleshoot common issues.

The FSSCC has released a new cybersecurity framework called the “Cybersecurity Profile.” The Profile is a standards-based tool to help guide financial services institutions in developing and maintaining a cybersecurity risk management program.  The new framework option has people asking a lot of questions:

• How is it different than the Cybersecurity Assessment Tool?
• Will it be used by US regulators?
• Is it more efficient than the other frameworks on the market today?

Join SBS as we review the framework and provide answers to these and other common questions.

With the new year quickly approaching, it's time to start looking forward to what will be coming our way in the world of cybersecurity. Join SBS as we countdown the top cybersecurity trends to watch in 2019.

While most horror stories are works of fiction designed to keep you up at night, the horror stories we will be sharing are real-life cybersecurity events with outcomes that will haunt your dreams if you aren't properly prepared. Join SBS, if you dare, as we wander deep into the dark and scary corners of cybersecurity, full of data loss, reputational damage, business closing, and financial devastation. We will share a variety of cybersecurity horror stories and what could have been done to prevent the unfortunate outcomes. 

We are bringing it back!  Last year, as part of our celebration of National Cybersecurity Awareness Month, SBS hosted a special Hacker Hour that featured a virtual security awareness round table.  We focused the discussion on building a stronger security culture in your organization. In the end, over 300 registrants shared ideas that we put into a free downloadable guide called "34 Unique Ideas to Create a Culture of Cybersecurity."

We would like to invite you to join us for this open discussion as we discover new security awareness ideas and techniques that are helping organizations create a stronger security culture.  An updated download documenting the 2018 ideas for creating a culture of cybersecurity will be shared following the webinar.

A Business Impact Analysis (BIA) is the first and most important step to creating an effective Business Continuity Plan, yet many organizations skip or skim through it. Join SBS as we examine the essential components of a simple, but powerful, BIA and discuss how your table top testing program can be used to verify that your BIA is sufficient.

The heavy adoption of the FFIEC CAT Tool, the release of the INTREX examination procedures, and the unrelenting focus on cybersecurity have caused financial institutions to be a little more anxious about their upcoming IT examinations. 

Fortunately, SBS works with institutions in nearly every state, so we have seen a very wide, but consistent, set of examination findings that your financial institution should know about.

Join this webinar as we discuss our experience and share some ideas of what you can do to better position your institution for a successful IT examination.

Every year SBS send its finest to Las Vegas to the annual DEF CON convention, which is one of the oldest and largest hacker conventions around. These annual conferences feature presentations by leading ethical hackers, FBI, and NSA agents. Join this special edition hacker hour as we discuss what we experienced at 2018 DEF CON, and what could impact you in the near future.

Topics will include:
- Kids hacking voting machines
- Social engineering village
- New way of accessing online banking data using OFX 
- Bypassing two-factor authentication by hacking voicemail
- NSA warnings

According to our research, the development of a Data Flow Diagram (DFD) is one of the most commonly missed baseline statements in the FFIEC Cybersecurity Assessment Tool. Many organizations struggle to find the value in a DFD and have a hard time getting started.

Join SBS as we discuss the guidance around DFDs and walk through examples of how you can create a DFD for your organization - and get value from it.

NOTE: Unfortunately, we had technical difficulty with the video recording of the live Hacker Hour. A CyberByte video of the topic was recorded in its place.

Research shows that 96% of the internet is not accessible by search engines like Google or Yahoo, and that number is growing at a much faster rate than the surface web. What does that mean for us? 

Join SBS as we get caught up with what is going on in the dark web. We will discuss how the dark web started, who uses it, and why everyone should be aware of what's lurking in it.

Regulators have made it clear that cybersecurity risk management and oversight is ultimately the responsibility of the Board of Directors. In theory, it makes sense for the board to be interested and engaged in what is going on in cybersecurity, however, that is not the case in some situations. 

For this Hacker Hour, we went straight to the source. We asked a selection of past Hacker Hour attendees to share the most common issues they struggle with when communicating cybersecurity needs to their Board. The responses fell into three main categories: 

• Frequency of FFIEC Cybersecurity Assessment completion and utilization of risk assessment data. 
• Information that should be provided to the Board on a consistent basis. 
• Tips for engaging and educating the Board. 

Join this month's Hacker Hour as we discuss how to boost cybersecurity from its hiding spot in the basement to a consistent topic in the boardroom.

We will explore the different types of SOC reports provided by vendors and highlight the best items that should be requested from vendors. Each of these reports serves a different purpose and will provide different value to your institution.

In this session, we will explain the differences between ATM Jackpotting and ATM Unlimited Operation. We will also explore some of the guidance around ATMs, the latest ATM crime trends, new security controls to mitigate risk, and how you can integrate your ATMs into your Information Security Program.

This session will examine in more detail how the IT Audit Program integrates with the Information Security Program.

This session reviews these 25 most common baseline controls not implemented by financial institutions, as well as practical solutions your institution can use to implement these controls. We will also discuss the next steps beyond the assessment to provide a comprehensive cybersecurity framework which institutions can repeatedly follow.

Join us to review the proposed changes to the safeguard controls, scope of covered entities, how you can make comments on the proposed changes, and insight into the impacts on our banks, critical vendors, and business in our communities.

In recent years, financial institutions have seen a significant amount of new guidance on third party risk management and new terms coined such as Fourth Party Management. We will explore best practices for Vendor Management, Third Party Risk Management, Fourth Party Management and Customer Risk Management.

In addition to the guidance, we will explore applied risk management concepts for mobile banking solutions. Focus will include Mobile Risk Assessments, integration into Information Security Programs, Third Party Risk Management, and effective IT Auditing.

This discussion will overview different types of incidents that are more frequent for financial institutions and illustrate how to prepare for them.

Join us in this discussion to learn about trending issues with ransomware and best practices to prepare for an attack.

In this presentation, we will review both FFIEC CAT and InTREx processes; best practices using each, comparison of their differences, and how to leverage them together.

Our upcoming webinar is a quick, no obligation way to learn more about our Certified Banking Security Manager course and the many benefits of certification to you and your institution. See why so many banking professionals rely on SBS Institute for their security training and education.

Your information security program can be more than a document created for compliance. We will help develop a program that provides your institution with clear direction and guidance that meets and exceeds regulatory expectations while addressing real-world risks.

FFIEC Cybersecurity Assessments Tool encourages financial institutions to expand questioning around third party risk management practices and suggests more rigorous oversight. This webinar will explore best practices for Vendor Management, Third Party Risk Management, and Customer Risk Management.

Demos are held on Thursday of each week. You can pick a date that works for you upon registering. Join this webinar to discover the power of TRAC and easily create your company's detailed IT risk assessment. Develop your inherent risk, residual risk, and future risk scores that help make sound business decisions.

Demos are held on Thursday of each week. You can pick a date that works for you upon registering. Join this webinar to discover the power of TRAC and how it centralizes and manages all of your vendor relationships. We will walk through the risk assessment and selection process, and discuss how TRAC can instantly improves your ability to manage vendors.

Demos are held on Wednesday of each week. You can pick a date that works for you upon registering. Join this webinar to view a demo of the software and learn how SBS can partner with you to create a stronger security awareness program.