Information Security Officer (ISO) Education

Transcription

1 Information Security Officer (ISO) Education October 16, 2018 TBA Barrett Training Center Nashville, Tenn.

2 Information Security Officer (ISO) Education October 16, 2018 TBA Barrett Training Center Nashville, Tenn. Has your bank provided formal continuing education for your designated Information Security Officer (ISO)? If not, expect this to be an issue in your next IT examination. As noted in the recent updates to the FFIEC IT booklet on information security, Management should designate at least one information security officer responsible for implementing and monitoring the information security program. Further, the guidance notes, Information security officers should report directly to the board or senior management and have sufficient authority, stature within the organization, knowledge, background, training, and independence to perform their assigned tasks. In addition, several related regulatory issuances, including Section 501(b) of the Gramm-Leach-Bliley Act (GLBA), and in recent examinations, the FFIEC agencies are strongly encouraging banks to provide formal training and education for their designated Information Security Officers, as part of the banks information security programs. Since the Interagency Guidelines Establishing Information Security Standards (501(b) guidelines) were established, the FFIEC agencies have applied enforcement options if financial institutions do not establish and maintain adequate information security programs. Expect this trend to continue for banks unprepared, especially with the examiners new Information Technology Risk Examination (InTREx) Program that places new emphasis on cybersecurity preparedness. Join us for this entertaining, informative, bank-specific session that will provide your bank s information security officer with the knowledge and confidence necessary to take on this important responsibility. At the end of the day, leave the seminar with a reference manual that you can use ongoing. Who Should Attend This seminar was developed for cybersecurity and information security professionals: IT managers, risk management professionals and internal auditors and risk and audit committee members as well as those interested in learning more about information security.

3 Agenda 8:30 9 a.m. Registration/Continental Breakfast 9 a.m. Noon Session Begins Information security defined The importance of board oversight Senior management responsibilities The role of the ISO Legal and regulatory issues Gramm-Leach-Bliley Act (GLBA) compliance Anatomy of the information security program Performing the information security risk assessment Audit s role in testing mitigating controls The ISO s role in Enterprise Risk Management (ERM) Developing and delivering a powerful security awareness program Noon Lunch 1 4 p.m. Session Resumes Understanding current security threats Security best practices Security monitoring Incident response Customer response program Information disposal Engaging an effective IT audit Cybersecurity issues Cybersecurity threat trends FFIEC Cybersecurity Assessment Tool (CAT) Bank-specific cybersecurity risk assessment Cybersecurity assessment (in conjunction with IT audit) Penetration testing Vulnerability scanning Social engineering Service provider oversight Reporting to the board of directors or the audit committee 4 p.m. Adjourn

4 Instructors from Sawyers & Jacobs, LLC Jimmy Sawyers Chairman & Co-Founder More than 32 years experience in the financial services technology field Former community banker Teaches the technology, payments, risk management and/or cybersecurity courses at five banking schools around the nation Author of IT Auditing for Financial Institutions (2002) Co-author of The Art of Enterprise Risk Management for Community Banks (2014) Contributor to BankersOnline (BOL Guru) Leads sessions on technology for the Sheshunoff CEO Affiliation Network and the Bank CEO Network Graduate of Christian Brothers University with a concentration in information technology management and telecommunications Joshua Jacobs President & Co-Founder More than 16 years experience providing IT consulting services and solutions focusing on financial institutions. Adjunct faculty member at Christian Brothers University where he teaches digital forensics as part of the cybersecurity and digital forensics degree program Certified Information Systems Security Professional, GIAC Penetration Tester, and Systems Security Certified Practitioner Co-author of the SSCP Study Guide and Training System Specializes in cybersecurity assessments including penetration testing, social engineering, vulnerability scanning, and data loss prevention Graduate of Christian Brothers University with a concentration in information technology management and telecommunications Jason Corder Vice President More than 10 years experience in the banking industry Former senior bank examiner for Tennessee State Banking Department (regulatory compliance, financial soundness, and risk management) Former community bank chief operations officer where he also served as his bank s ISO Assists banks in IT Auditing and related risk management and information security issues Certified Public Accountant (CPA) Certified Information Systems Auditor (CISA) Graduate of Arkansas State University with a B.S. degree in finance.

5 Continuing Education Credit Attendees quality for 6.5 hours of Continuing Professional Education (CPE) credit in the area of Specialized Knowledge. In accordance with the standards of the National Registry of CPE Sponsors, CPE credits have been granted based on a 50-minute hour. For more information regarding administrative policies or complaints, please contact our offices at This program has not been pre-approved for continuing education (CE) credit by ABA Professional Certifications. Attendees who require CE credits should go to aba.com/training/certifications/pages/ceproviders.aspx for further instructions. General Information Visit TNBankers.org/education/events for information on hotels, attire, special needs, cancellation policy, inclement weather policy, continuing education credit information, photo policy, and antitrust policy. Additional Information Advance Preparation: No advance preparation required for this program. Prerequisites: No prerequisites required for this program. Program Level: Intermediate to advanced Delivery Method: Group-Live

6 Hotel Information TBA has not blocked hotel accommodations for this program. The hotels listed below are close to the program site for those who need overnight accommodations. Please call the hotel for room rates and to make reservations: Fairfield Inn & Suites 100 French Landing Drive Offers TBA corporate rates of $139(King Standard), $144 (Double Queen Standard), or $154 (King Suite) Includes expanded continental breakfast SpringHill Suites Marriott Nashville MetroCenter 250 Athens Way Offers TBA corporate rates of $170 Includes continental breakfast Program Fees TBA Members / Associate Members Nonmembers Early Registration $255 $510 Early registration deadline is October 1. Registration $305 $560 Day-of-Program $355 $610 Fee covers instruction, reference manual, refreshment breaks, and lunch. The TBA office must receive early registrations by close of business on October 1. Please register early. Day-of-program registrants will be assessed a $50 late registration fee. No written confirmation of seminar registration will be sent from the TBA. Participation in TBA programs is limited to members, associate members, and nonmembers from an eligible membership category at applicable member or nonmember rates. TBA Contact For more information about this conference, please contact: Monique Jenkins Director of Education mjenkins@tnbankers.org or Or visit our website at

7 Information Security Officer (ISO) Education October 16, 2018 TBA Barrett Training Center Nashville, Tenn. Please print or type. LAST 4 DIGITS ONLY MUST BE INCLUDED For educational tracking purposes only. 1. Name Nickname Title SS# 2. Name Nickname Title SS# 3. Name Nickname Title SS# Company Address City State Zip Phone Fax Contact TBA Members / Associate Members Nonmembers Early Registration $255 $510 Early registration deadline is October 1. Registration $305 $560 Day-of-Program $355 $610 2 WAYS TO REGISTER! 1. Register online with a credit card or ACH at 2. Mail this form with a check made payable to the Tennessee Bankers Association to the address on the right. Mail form and payment to: Tennessee Bankers Association Attn: Monique Jenkins 211 Athens Way, Ste 100 Nashville, TN or