Workshops / Seminars
Any topic you'd like us to present?
Let us know!
Join us in Education and Awareness!
We have always subscribed to the philosophy that the best mitigating
control is Awareness. Our talks and workshops are all designed to
increase your awareness of the various topics we speak about, and yet
they are also a great tool to get you started on implementing a
particular "control." Meanwhile, we also provide great tools as a
part of our sessions . . . boilerplates, links to resources, policies,
procedures, etc.
Let us know if there are any topics that you need to learn about!
One Hour Talks:
Contact us for more information about the following talks, designed to be between 60 and 90 minutes long (depending upon your itinerary):
A Flood comes One Drop at a Time: Combating fraud with ongoing security awareness training.
Avoiding the PC Time Warp: Being more effective with e-mail, web surfing, and social media.
Down and Dirty Vendor Management: What you need to do yesterday, today, and tomorrow.
Hack Attack Live: Watch while a non-technical person hacks into a website.
Internet Banking Review Basics: Implementing an Information Security review as it pertains to e-banking, based on FFIEC guidelines.
Outside the Branch: Next generation bank technologies.
SOS - Student Online Safety: What parents can do to increase the safety of their children while online.
The Horse, then the Cart - Controlling Mobile Banking Risk: The top five risks with Mobile Banking and how to avoid them.
What's The Deal?: Why vendor management is so important.
Women in Business and Banking: The history and progress of women in business and banking.
Eight Hour Workshops:
The following workshops are designed to be customized to your financial
institution and delivered directly to your management team. We also
provide these workshops at the Indiana Bankers Association from time to time.
Risk Management Program: Examiners have made it clear: if your management team understands the risk exposure of information and technology to your bank, you are definitely heading in the right direction. If risk is considered in all technology decision making, an effective IT risk management process has been implemented.
The standards themselves call for a risk assessment of all information assets. Beyond creating an inventory of assets, identifying threats and vulnerabilities, and assessing risk mitigation techniques, an effective risk management program puts the organization on guard in real time, in a manner that avoids threats and vulnerabilities as much as it mitigates the unavoidable risks or unpredictable problems.
Security Standards - Tweak the Geek Speak: Management wants documentation, but they don’t understand what we are saying. Meanwhile, we need documentation so we can remember what we did! Add on top of that the fact that the FFIEC requires the establishment of a security baseline. Specifically: “Financial institutions should develop security control requirements for new systems, system revisions, or new system acquisitions. Management will define the security control requirements based on their risk assessment process evaluating the value of the information at risk and the potential impact of unauthorized access or damage.”
This workshop will help you with standard language starting points for documenting your network configuration standards, server and network device build-config standards, password management procedures, change control procedures, patch management procedures, remote access security procedures, server hardening procedures, and wireless security procedures.
User Awareness Training: Because Information Security is a team effort, awareness is the most important control. Financial Institutions must maintain an appropriate Acceptable Use Policy and teach the concepts inherent in that policy. The training should stress the threats and vulnerabilities financial institutions face, and help users understand their role in mitigating information security risk. According to the FFIEC, authorized internal users should receive a copy of the [Acceptable Use] policy and appropriate training, and signify their understanding and agreement with the policy before management grants access to the system.
Vendor Due Diligence: Today’s financial institutions are relying heavily on vendor partners to perform tasks ranging from the mundane to handling critical processes and information, including nonpublic customer information. With this growing trend comes increasingly stringent regulations governing the security of customer data. And, according to the FFIEC, you are responsible for establishing and approving a risk-based policy to govern the vendor process.
An effective vendor management program should provide the organizational framework for Management to identify, measure, monitor, and control the risks associated with vendor relationships.