Presenter: Jeff Spann, SBS CyberSecurity, LLC
FFIEC guidance has set additional risk management expectations that financial institutions must implement. An essential component of a successful risk management program is a solid risk assessment process. Our challenge has been to translate the guidance into a functional assessment that the institution can effectively implement. The risk assessment must support risk-based decisions and strengthen the Information Security Program. The guidance is clear that the risk assessment process must identify and measure inherent risk in the various areas of the institution, then account for the current controls used to manage that risk. The resulting current (residual) level of risk must be compared against the institution's established risk appetite to determine whether additional controls are necessary. This risk assessment process is useful not only for conducting an organization-wide cybersecurity assessment, but for many other aspects of information security risk.
This session will explore these regulatory resources and identify the specific areas of the institution that must be assessed. Example processes will be used during the discussion to illustrate the fundamental steps needed for each risk assessment type. To address the growing threats to our institutions effectively, we will review these five critical risk assessment areas:
- Cybersecurity Risk Assessment
- IT Risk Assessment
- Vendor Risk Assessment
- Commercial Account Risk Assessment
- BIA (BCP) Risk Assessment
Target Audience: Information security officer, IT manager, risk officer, internal auditor, and executives looking to improve processes for risk assessment.
This program qualifies for the following CPE credits:
- SBS Institute: 1.5 CPEs* (CBSM, CBVM)
- ISC2*: estimated 1.5 hrs. (CISSP)
- ISACA*: estimated 1.5 hrs. (CISA/CISM/CRISC)
*Self-Reporting