Conducting a Risk-based Audit of IT Security: Complying with FFIEC Guidance
Gary Deutsch

A look at the Federal Financial Institutions Examination Council (FFIEC) revised Information Security booklet

Price: $299.00
The Federal Financial Institutions Examination Council (FFIEC) recently issued a revised Information Security booklet, updating the council’s Information Technology Examination Handbook. The update addresses how to:

  • Assess the level of security risks facing a financial institution’s information systems
  • Assess the status of an information security program’s integration into the institution’s overall risk management program
  • Effectively identify, monitor and respond to cyber threats and incidents

According to the FFIEC, information security is a “process” that institutions have to follow. More specifically, institutions have to protect how their sensitive information is:

  • Created
  • Collected
  • Used
  • Disposed of

Information security also requires having the appropriate hardware and infrastructure to store and transmit the information.

To comply with the FFIEC’s guidance, institutions need to have a plan in place to demonstrate that they can effectively manage the confidentiality, integrity, and availability of sensitive information. Serious violations could result in a consent order since the regulators consider weaknesses to be a safety and soundness issue.

Management’s plan has to address the risk of malicious and non-malicious actions that could adversely impact earnings, capital, or enterprise value. Of concern to the regulators is the potential for:

  • Disclosing sensitive information to unauthorized individuals
  • Increased exposure to misappropriation or theft of information or services
  • Attacks that could degrade services or even render them unavailable
  • Unchecked modification or destruction of systems or information
  • Records that are not timely, accurate, complete, or consistent

Information security has become a mission-critical obligation for financial institutions. Internal audit, as well as the managers responsible for implementing security measures, need to conduct periodic audits to ensure compliance with FFIEC guidance.

WHAT YOU’LL LEARN

During this important webinar, our speaker will discuss conducting audit procedures related to:

  • Assessing the adequacy of board and senior management support
  • Evaluating the integration of security activities and controls throughout the institution’s business processes
  • Assessing the adequacy of accountability for carrying out security responsibilities
  • Determining the adequacy of cybersecurity measures
  • Evaluating the effectiveness of security controls
  • Evaluating the institution’s ability to react appropriately to mitigate threats as technologies and business conditions evolve
  • Evaluating the enterprise risk management approach for integrating processes, people, and technology to maintain a risk profile consistent with the board’s risk appetite
  • Determining the effectiveness of oversight and controls related to outsourced IT security functions

PRESENTER

Gary Deutsch

WHAT'S INCLUDED

  • Access your training anywhere, with a computer, tablet or smartphone.
  • Engaging and up-to-date training to support your career and your organization.
  • Handouts you can distribute to your board and staff.