Security Standards
Tweak the Geek Speak
Management wants documentation, but they don’t understand what we are saying.
Meanwhile, we need documentation so we can remember what we did!
On top of that, the FFIEC requires the establishment of a security baseline. Specifically: “Financial institutions should develop security control requirements for new systems, system revisions, or new system acquisitions. Management will define the security control requirements based on their risk assessment process evaluating the value of the information at risk and the potential impact of unauthorized access or damage.”
This workshop will help you with standard language starting points for documenting your network configuration standards, server and network device build-config standards, password management procedures, change control procedures, patch management procedures, remote access security procedures, server hardening procedures, and wireless security procedures.
Agenda
The importance of security standards documentation.
The policy connection: how security standards link back to higher level policies.
A walk-through of several alternative boilerplates.
Security Standards Portal: how to customize boilerplates to fit your own unique bank.
IT team training.
Testing and compliance preparation.
Testing Processes
Time will be allotted for training on testing procedures, so that management personnel can be assured of proper compliance BEFORE the auditors show up!
How-to of Network Configuration Audits
Microsoft Baseline Security Analyzer (MBSA)
Nessus Scanning
Deliverables (Templates / Boilerplates)
CD of Open Source Tools
Patch Management Procedure
Password Management Procedure
Security Standards Checklists
Server and Network Device Build/Config Standards
Server Hardening Procedures (an internal version, plus a version written as instructions for outsourced network support providers)
RFP Templates for Various Projects
Wireless Access Policy, Wireless Access Security Procedure
Encryption Standards, VPN Procedure
Remote Access Procedure and Sign-off Sheet for End Users
Laptop Encryption Policy and Procedure
Domain Controller Security Procedure
Change Control Procedure
Who Should Attend
This hands-on workshop is directed to network engineers, IT personnel, AND THEIR SUPERVISORS. Information security officers, compliance personnel, auditors, training personnel, branch managers, and people who have to wear way too many hats will also benefit. Anyone involved in translating geek-speak into proper documentation, or in developing training programs for how users are expected to treat information in the bank, should attend.
What You Should Bring
Laptops!
About the Moderator
Dan Hadaway, CISA, CISM
Dan has worked extensively with banks on GLBA training and policy issues, engaging on projects ranging from IT Audits to Compliance Program Development. He helps management personnel understand geek-speak. He is the Managing Partner of infotex, an Indiana Bankers Preferred Service Provider in several areas, including Information Security Training.
About the Presenters
Sean Waugh, MCSA
Jason Rubsam, MCSE
Matt Jonkman, CISSP
Others pending attendance.
Several other technical presenters will be available, depending on workshop attendance. All presenters have experience not only in creating appropriate documentation for banks of various sizes, but also in testing for compliance against that documentation.