About This Course:
As we all know, the FFIEC has been engaged in several cybersecurity initiatives over the last several years due to the increasing volume and sophistication of cyber threats. The most recent initiative was the completion and release on June 30, 2015 of the Cybersecurity Awareness Tool.
This Tool has been designed to assist financial institutions in identifying their risks and determining their cybersecurity preparedness. Performing the assessment will assist the Board of Directors and management in enhancing the overall management and oversight of cybersecurity and the institution’s preparedness.
But what does this assessment entail and how can it be incorporated into the information security risk assessment process and the policies, programs, and plans that are already in place for information security?
Covered Topics:
- Overview of the Cybersecurity Assessment Tool's parts and process
- Review of the five Domains
- Review of the Assessment Tool
- Thoughts on the practical implementation
Who Should Attend:
Board of Directors, Senior Management, Risk Officers, Information Security/Cyber Security Officers, Audit, Compliance.
The Presenter:
Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise.
As an auditor and consultant, Susan is dedicated to assisting financial institutions in implementing appropriate policies and controls to protect confidential information and comply with regulatory mandates and best practices. Her expertise as an auditor and former examiner provides her the knowledge and expertise to conduct comprehensive IT general control and data security reviews and assist de novo institutions in the vendor selection process, preparing policies and procedures, and instituting controls. She also consults for numerous security providers and vendors helping them align products and services to meet institution regulatory mandates. Susan is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified Risk Professional (CRP).