Since the Gramm-Leach-Bliley Act was passed in November of 1999, financial institutions in the US have been required to build and manage an Information Security Program (ISP), based on a risk assessment, that ensures the safety of confidential customer information.
ISPs have evolved a bit over the last 20 years, however. Some of the biggest questions we hear about an ISP include: What are the major components of a modern ISP? What’s the most effective way for an ISP to be structured? How does the ISP flow together? Let’s discuss!
What You’ll Learn
- Regulatory requirements of an Information Security Program
- Major components of an ISP
- Policies vs. procedures vs. standards vs. guidelines
- How to write auditable ISP policies
- Separating out procedure from policy
- ISP reporting requirements
- Building an ISP framework that can handle anything you throw at it
Who Should Attend
This session is ideal for IT and IS professionals who are responsible for their organization’s information security program. Attendees will gain valuable insights into current cybersecurity threats, regulatory guidance, and best practices for developing a robust ISP.