Today, information systems are the lifeblood of the financial services industry. This course is designed to provide examiners with an understanding of the key components of an Information Security Program (ISP) for a bank. The course opens with a brief review of Information Security and Cybersecurity and an overview of potential risks and countermeasures. The course will integrate elements of related IT examination guidance, resources, and tools (GLBA, FACTA, Part 364 Appendix A, FFIEC Handbooks, NIST Cybersecurity Framework, Cybersecurity Assessment Tool, and InTREx). The course will take a detailed look at elements of an ISP, including oversight roles and responsibilities. Next, the course will cover security management components and practices. Throughout the course, exercises and activities will be used to reinforce the concepts and help make the information to participants for a bank examination.
Upon completion of this course, participants will be able to:
- Explain Information Security using baseline terminology and concepts;
- Describe regulatory guidance related to information security;
- Discuss security policy design and implementation;
- Explain the role of bank management and oversight responsibilities;
- Discuss security management practices;
- Describe physical and operations security;
- Explain network controls testing, auditing, and monitoring;
- Discuss security in the mobile workspace and the challenges of BYOD;
- Describe secure network design, encryption, access control, and authentication;
- Discuss firewall implementation and concepts;
- Describe vendor management security;
- Explain basic types of security issues and mitigation strategies; and
- Identify what reports to look for on a bank examination in relation to information security.
Facilitated classroom discussion and lectures
All commissioned RMS Bank Examiners
This course is open to appropriate staff of the FDIC and partner government regulatory agencies. This course is not open to the public or staff of private banks.
Attendees should have a basic knowledge of information technology and should have attended ITEC.
Post Course Feedback
For more information concerning course content and administration, please email Dr. Allen Yarbrough or call (703) 516-1235.
For questions regarding course registration, please contact the CURegistrar.