This interactive seminar, presented by Texas Bankers Association (TBA) and SBS Institute, provides the latest information on evolving threats and what your bank should do to build a strong Information Security Program (ISP). We will identify the components of a comprehensive ISP that enables successful IT examinations and minimizes your risk from real-world threats. The program will walk you through various FFIEC and FDIC resources, as well as industry best practices. We will also review the FFIEC Cybersecurity Assessment Tool (CAT) and the 10 common CAT baseline controls missing in most financial institutions.
La Quinta Inn & Suites San Antonio Riverwalk, 303 Blum St., San Antonio, TX 78205
TIB-The Independent BankersBank, 11701 Luna Road, Farmers Branch, TX 75234
Description: This seminar will walk you through various FFIEC and FDIC resources, as well as other industry best practices. It will also review the FFIEC Cybersecurity Assessment Tool (CAT) and the 10 most common CAT Baseline controls missing in most financial institutions.
- FFIEC Guidance & GLBA Overview — Guidance continues to evolve as cybersecurity challenges increase. We will review GLBA and some of the newest FFIEC regulatory requirements, including the updated CAT. These establish what must be incorporated in our ISPs. We will discuss the FFIEC Information Security Booklet and the roles and responsibilities outlined in the FFIEC Management Booklet for IT operations, information security, senior management and the board. We will also review FFIEC Mobile Financial Services Guidance included in the Retail Payments Booklet.
- Cybercrime Trends — Cybercriminals are always searching for innovative ways to steal our data and our money. This session explores the following areas to expose the complex and organized nature of cybercrime: phishing attacks, system vulnerabilities, business email compromise (BEC), ransomware and ATM fraud.
- Top 10 Missing CAT Baseline Controls — FFIEC CAT Baseline Controls provide a level of security that every financial institution needs to maintain or achieve. Learn about the most commonly missed controls and how to address those gaps. Emerging security controls and best practices to fortify our networks will also be explored.
- FDIC InTREx Overview — FDIC’s InTREx is used by the FDIC, Federal Reserve and most state banking departments as an IT exam framework. We will review how InTREx is structured, common challenges and how to prepare for your next exam. We will also compare the FFIEC CAT process against InTREx.
- Information Security Program (ISP) — All banks are required to have a written, comprehensive ISP that starts with a risk assessment. This session will review the primary components: risk assessment, documentation and audit. We will also explore how the risk assessment process drives the creation and implementation of policies, procedures and plans and how the audit process provides verification that controls are implemented and adequate.
- Cybersecurity Culture & Training Programs — The human element is an increasing target for cybercriminals and generally the weakest area in information security. Awareness, training and accountability are essential components of good security and compliance. Learn how to construct an awareness and training program for employees and customers to establish a lasting culture for protecting customer information and a desire to be successful against cybercrime.
Instructor: Chad Knutson, CISSP, CRISC, CISA
President, SBS Institute
Who Should Attend: Information security officers, compliance officers, information technology staff, directors, presidents, vice presidents and auditors.
Hacker Hour webinars are a series of free webinars hosted by SBS CyberSecurity. Unlike paid webinars, Hacker Hours meet monthly to discuss cybersecurity issues and trends in an open format. Attendees are encouraged to join the conversation and get their questions answered. SBS will also offer products and services to help financial institutions with these specific issues.