25 Baseline Controls Banks Struggle to Implement
Recorded: June 7, 2018 - $345 for the CD-ROM and Handouts
Thursday, June 7, 2018
10:00 am – 12:00 pm CT
Recommended for 2.5 CE Credits
The FFIEC Cybersecurity Assessment process is here to stay. At a minimum, most regulators are requiring financial institutions to complete an assessment on an annual basis. This process includes a review of an institution’s Inherent Risk Level, identification of currently implemented controls to reduce risk, and a gap analysis to identify additional controls needed to reach the institution’s desired risk appetite.
Over 1000 financial institutions have completed their Cybersecurity Assessment using our complementary assessment solution. SBS has analyzed the results and identified the top 25 most common baseline controls not implemented by financial institutions. These are controls that financial institutions MUST complete regardless of their inherent risk score. This session reviews these 25 controls, as well as practical solutions your institution can use to implement these controls. We will also discuss the next steps beyond the assessment to provide a comprehensive cybersecurity framework which institutions can repeatedly follow.
- FFIEC Guidance
- Inherent Risk Assessment Process
- Cyber Maturity Process
- Top 25 Controls
- Remediation Ideas
- Tracking Progress on Controls
Who Should Attend:
Information Security Officer, IT Manager, Risk Officer, Internal Auditor, CIO, and Executives looking to understand the Cybersecurity Assessment process, common weaknesses in controls, and how to address them.
Chad Knutson is a co-founder and Senior Information Security Consultant for SBS CyberSecurity, a premier cybersecurity consulting and audit firm dedicated to making a positive impact on the banking and financial services industry, and has served as President of the SBS Institute since 2013. Chad maintains his CISSP, CISA, and CRISC certifications, and received his Bachelor of Science in Computer Information Systems and his Master of Science in Information Assurance from Dakota State University.
Chad is dedicated to educating industry professionals about cybersecurity. While consulting with financial institutions, he saw the need to empower employees to be better prepared to confidently handle cybersecurity threats, create and manage strong information security programs, and understand ever-changing regulations at their institution. He was a driving force in the development of the SBS Institute certification program, which is uniquely designed to serve the banking industry by providing banking-specific, role-based cyber education certifications. The SBS Institute has grown to include over ten certifications and State Association partners in over 30 states.