Continuing IT Training Program - Introduction to Security

Last Updated: March 11, 2022

Program Overview

Today, information systems are the lifeblood of the financial services industry. This course is designed to provide examiners with an understanding of the key components of an Information Security Program (ISP) for a bank. The course opens with a brief review of Information Security and Cybersecurity and an overview of potential risks and countermeasures. The course will integrate elements of related IT examination guidance, resources, and tools (GLBA, FACTA, Part 364 Appendix A, FFIEC Handbooks, NIST Cybersecurity Framework, Cybersecurity Assessment Tool, and InTREx). The course will take a detailed look at elements of an ISP, including oversight roles and responsibilities. Next, the course will cover security management components and practices. Throughout the course, exercises and activities will be used to reinforce the concepts and help make the information relevant to participants for a bank examination.

Key Objectives

Upon completion of this course, participants will be able to:

  • Explain Information Security using baseline terminology and concepts;
  • Describe regulatory guidance related to information security;
  • Discuss security policy design and implementation;
  • Explain the role of bank management and oversight responsibilities;
  • Discuss security management practices;
  • Describe physical and operations security;
  • Explain network controls testing, auditing, and monitoring;
  • Discuss security in mobile workspace and the challenges of BYOD;
  • Describe secure network design, encryption, access control, and authentication;
  • Discuss firewall implementation and concepts;
  • Describe vendor management security;
  • Explain basic types of security issues and mitigation strategies; and
  • Identify what reports to look for on a bank examination in relation to information security.

Instructional Format

Facilitated classroom discussion and lectures


Four days



Target Audience

All commissioned RMS Bank Examiners

This course is open to appropriate staff of the FDIC and partner government regulatory agencies. This course is not open to the public or staff of private banks.


Attendees should have a basic knowledge of information technology and should have attended ITEC.

Pre-Course Assignment


Special Requirements


Post Course Feedback




More Information

For more information concerning course content and administration, please email Dr. Allen Yarbrough or call (703) 516-1235.

For questions regarding course registration, please contact the CURegistrar.