the emergence of the iso in community banking
play

The Emergence of the ISO in Community Banking Patrick H. Whelan CISA - PowerPoint PPT Presentation

Nov 18, 2023 •243 likes •650 views

THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda Brief Introduction

  1. THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS “The Emergence of the ISO in Community Banking” Patrick H. Whelan – CISA IT Security & Compliance Consultant

  2. Agenda • Brief Introduction to All Covered Finance • Regulatory Guidelines • Current challenges • Role of the Information Security Officer (ISO) • Hybrid Concept • Q&A

  3. Patrick H. Whelan - CISA • Strategic consultant focused on security, compliance, and infrastructure planning for community financial institutions. • Provides financial institutions with strategic direction to align their IT infrastructure, processes, and capital outlay with the institution’s vision. • Prior to All Covered, a team member of Silversky, the market leader of enterprise-class information security and messaging services under direct FFIEC oversight. • Prior to Silversky, Patrick designed physical security controls with ADT Fire & Security, a Tyco company. • Degrees from Quinnipiac University and an active member of ISACA.

  4. Company Overview • 30+ years the leading provider for IT, Security, Compliance and Infrastructure Services • Over 500 System Engineers across 24 Regional Office locations • Hundreds of Financial Institutions Clients • Finance Practice Remote Support Center – Application Support – General Business Applications – Banking Applications – NOC – Software Upgrades • IT Compliance Professionals – IT Audit Support – Consulting Services

  5. Regional Office Locations

  6. Financial Services Portfolio IT Compliance Private Cloud Computing Security Services Network Monitoring Network Design and Consulting and Management and Installation

  7. Agenda • Brief Introduction to All Covered Finance • Regulatory Guidelines • Current challenges • Role of the Information Security Officer (ISO) • Hybrid Concept • Q&A

  8. Gramm-Leach-Bliley Act (GLBA) Financial Privacy Safeguards Pretexting Rule Rule Protection

  9. FFIEC IT Examination Handbooks IT Booklets Master Table of Contents • Audit • Business Continuity Planning • Development and Acquisition • E-Banking • Information Security • Management • Operations • Outsourcing Technology Services • Retail Payment Systems • Supervision of Technology Service Providers (TSP) • Wholesale Payment Systems www.FFIEC.GOV

  10. FFIEC Regulatory Guidelines A financial institution should ensure an adequate risk management structure exists within the organization. Some institutions have a separate risk management department that is responsible for overseeing the areas of information security, business continuity planning, audit, insurance and compliance. Regardless of the particular structure used, the institution should ensure that lines of authority are established for enforcing and monitoring controls. These risk management functions should play a key role in measuring, monitoring, and controlling risk.

  11. FFIEC Information Security Booklet • The board is responsible for overseeing and approving the development, implementation, and maintenance of a comprehensive, written information security program, as required by the Gramm-Leach-Bliley Act (GLBA). • The board may delegate information security monitoring to an independent audit function and information security management to an independent information security officer. • Separate information security program management and monitoring from the daily security duties required in IT operations. • The ISO should be an organization-wide risk manager rather than a production resource devoted to IT operations. • To ensure independence, the ISO should report directly to the board or senior management rather than through the IT department.

  12. Presidential Executive Order Presidential Executive Order Improving Critical Infrastructure Cybersecurity (February 12, 2013) Represents the latest in federal policy on cybersecurity Current Bills in the U.S. Senate Cyber Intelligence Sharing and Protection Act To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes. Cybersecurity Information Sharing Act of 2014 To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes

  13. Regulatory Exam Focus 2012 2013 Data Classification 2014 IT Risk Assessment Business Continuity Disaster Recovery Vendor Management Cybersecurity

  14. Agenda • Brief Introduction to All Covered Finance • Regulatory Guidelines • Current Challenges • Role of the Information Security Officer (ISO) • Ideals

  15. Challenges in IT Security • Immergence of cybersecurity threats • Lack of knowledge at Board and Executive level • Who has IT oversight capabilities outside of IT? • ISO can’t function under IT, but needs to coordinate with IT • Institutions cannot outsource oversight • Who on staff can we give this title to? • Average salary for ISO $100K-$150

  16. 7 Security Predictions for 2014 1. Making threat intelligence useful 2. Mobile threats 3. Emerging countries will experience more cyber attacks on banks 4. Attacks will spread to smaller institutions 5. New strategies for dealing with insider threats 6. Dealing with challenges created by the NIST framework 7. New needs around data security from Booz Allen Hamilton http://www.banktech.com/7-security-predictions-for-2014-from-booz-allen-hamilton/d/d-id/1296729?

  17. Legal Standard for Auditing? Step 1: Categorize the Information System Step 6. Monitor Step 2. Select Security Controls Security Controls Risk Management Framework Step 5. System Step 3. Implement Authorization Security Controls Step 4. Assess Security Controls

  18. Agenda • Brief Introduction to All Covered Finance • Regulatory Guidelines • Current challenges • Role of the Information Security Officer (ISO) • Hybrid Concept • Q&A

  19. Definition of an Information Security Officer A Information Security Officer ( ISO ) is the resource within an institution responsible for establishing and maintaining the program to ensure information assets and technologies are adequately protected.

  20. Role of the Information Security Officer • Responsible and accountable for administration of the security program • Authority to respond to a security event • Have sufficient knowledge, background, and training to perform role • Report to Board or Senior Management • Independence to perform their assigned tasks

  21. Information Security Responsibilities • • Information Security Program Disaster and Recovery Management • • Access Management Vendor Management • • IT Risk Assessment Vulnerability Assessments • • IT Risk Mitigation Incident Response • • IT Audit Oversight Board of Director Reporting • • IT Steering Committee Physical Security Management • • Interface with Examiners & Auditors Information Security Awareness Training • Monitoring Security Events • Business Continuity Planning

  22. Information Security Program Information Security Program • Regulatory Compliance Compliance – GLBA Framework – FFIEC Policies – SOX – FINRA – SEC Procedures • Information Security • Cybersecurity Forms

  23. IT Risk Assessment • Areas of Focus – Core System – Electronic Banking – Wire Transfer – Hardware – Applications – Network – Etc…

  24. IT Risk Mitigation 1. Risk Identification 2. Risk Measurement 3. Risk Mitigation 4. Review & Monitoring

  25. IT Audit Oversight “Just because you are compliant does not mean you are secure, but if you are secure you are most likely compliant” • External audit findings • Internal audit findings • Remediation management

  26. IT Steering Committee

  27. Business Continuity Plan • Annual revisions • Test plans • Test results

  28. Vendor Management • Program revisions • Annual vendor review results

  29. Vendor Due-Diligence Third-Party Reviewed Financials SSAE 16 (data centers and operations) Insurance Coverage - including Cyber-liability BCP and Disaster Recovery Testing Annual Penetration Testing Long Held Industry-Specific Focus Reference-able Client Base Clear Legal Standing

  30. Vulnerability Assessments • Complete assessments • Document findings • Remediation plan Scan Fix • Remediation management Verify

  31. Incident Response Containment, Detection & Eradication, Post Incident Preparation Analysis and Activities Remediation

  32. Security Event Management • FFIEC require logs be reviewed to help prevent breaches • Reviewing log data is time consuming • Compliance reports need to be easy to read for auditors • Remediating threats is a necessary component to comply; but doing so takes security expertise Turning this… …to that

  33. Collaboration Financial Services Information Sharing & Analysis Center

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Jake Saper, Emergence Capital @jakesaper @jakesaper, Emergence Capital 1 A Bit on Me

Jake Saper, Emergence Capital @jakesaper @jakesaper, Emergence Capital 1 A Bit on Me

Jake Saper, Emergence Capital @jakesaper @jakesaper, Emergence Capital 1 A Bit on Me @jakesaper, Emergence Capital 2 Emergence: A Track Record of Identifying Themes that Impact the Future of Work 2004 Today Horizontal Cloud Industry

746 views • 37 slides
About Deutsche Bank Strategy 2020: Digitalize DB -Targeting up to EUR 1bn of incremental

About Deutsche Bank Strategy 2020: Digitalize DB -Targeting up to EUR 1bn of incremental

eID: the business case for the banking and finance community 5th June 2015 Overview No. Topic 2 2 Context Context 3 eID Key concepts 4 Identity in Banking 5 Drivers for eID adoption Applicability in the banking world 6 Key

88 views • 8 slides
Shareholders April 17, 2020 Company & Bank Performance State of Community Banking

Shareholders April 17, 2020 Company & Bank Performance State of Community Banking

Annual Meeting of Shareholders April 17, 2020 Company & Bank Performance State of Community Banking Customer and Market Performance Education, Outreach, & Support Our Mission: To champion community banking 2

463 views • 35 slides
community-based design and supportive technologies are creating new models for equality and

community-based design and supportive technologies are creating new models for equality and

Ecovillage Emergence in the Sahel Region: How community-based design and supportive technologies are creating new models for equality and sustainability by Ousmane Aly PAME, Founder and President of REDES (Network for Ecovillage Emergence and

579 views • 24 slides
Bank of the Future Discussion on the latest banking and digital trends and their implications

Bank of the Future Discussion on the latest banking and digital trends and their implications

WORKING DRAFT Last Modified 4/1/2016 5:10 PM Central Europe Standard Time Printed Bank of the Future Discussion on the latest banking and digital trends and their implications April 11-12, 2016 In the next decade, we will see the emergence

372 views • 14 slides
EMERGENCE AND REDUCTION: GO HAND IN HAND? Katie Robertson University of Birmingham 1 THE

EMERGENCE AND REDUCTION: GO HAND IN HAND? Katie Robertson University of Birmingham 1 THE

EMERGENCE AND REDUCTION: GO HAND IN HAND? Katie Robertson University of Birmingham 1 THE EVOLVING RELATIONSHIP BETWEEN REDUCTION AND EMERGENCE At first, emergence was defined to be the failure of reduction. Then emergence was shown to

748 views • 47 slides
Emergence Emergence of sus of sustainable tainable markets markets Harriet Friedmann,

Emergence Emergence of sus of sustainable tainable markets markets Harriet Friedmann,

Getting from Getting from here to resilience: here to resilience: Emergence Emergence of sus of sustainable tainable markets markets Harriet Friedmann, Professor of Sociology, Geography and Planning University of Toronto American

737 views • 32 slides
Emergence and social dynamics Nigel Gilbert University of Surrey n.gilbert@surrey.ac.uk

Emergence and social dynamics Nigel Gilbert University of Surrey n.gilbert@surrey.ac.uk

Emergence and social dynamics Nigel Gilbert University of Surrey n.gilbert@surrey.ac.uk cress.soc.surrey.ac.uk Friday, April 3, 2009 1 Overview Computational social science Agent-based models Emergence in sociology Types of emergence An

621 views • 36 slides
THE BANKING SERVICES ACT Banking Services (Deposit Taking Institutions) (Agent Banking)

THE BANKING SERVICES ACT Banking Services (Deposit Taking Institutions) (Agent Banking)

THE BANKING SERVICES ACT Banking Services (Deposit Taking Institutions) (Agent Banking) Regulations 2016 Presentation to Parliament by The Honourable Audley Shaw CD, MP. Minister of Finance and the Public Service

435 views • 6 slides
PROCESS AND PROCEDURES AMIR ALFATAKH YUSOF ISLAMIC BANKING FROM CONVENTIONAL TO ISLAMIC BANKING

PROCESS AND PROCEDURES AMIR ALFATAKH YUSOF ISLAMIC BANKING FROM CONVENTIONAL TO ISLAMIC BANKING

PROCESS AND PROCEDURES AMIR ALFATAKH YUSOF ISLAMIC BANKING FROM CONVENTIONAL TO ISLAMIC BANKING SPEAKER PROFILE 1. Started in Conventional Banking Sales for OCBC Bank Retail, Business Banking and Corporate Banking, Kuala Lumpur Main Branch

830 views • 26 slides
ACTIVITIES OF THE COMMUNITY OF AFRICAN BANKING SUPERVISORS (CABS) ABUJA, 01 20 - 2017

ACTIVITIES OF THE COMMUNITY OF AFRICAN BANKING SUPERVISORS (CABS) ABUJA, 01 20 - 2017

ASSOCIATION OF AFRICAN CENTRAL BANKS (AACB) ACTIVITIES OF THE COMMUNITY OF AFRICAN BANKING SUPERVISORS (CABS) ABUJA, 01 20 - 2017 18/08/16 Summary INTRODUCTION I- IMPLEMENTATION OF WORK PLAN 2014-2016 II- PERSPECTIVES CONCLUSION 2

720 views • 30 slides
Joint Action and the Emergence of Mindreading s.butterfill@warwick.ac.uk challenge Explain

Joint Action and the Emergence of Mindreading s.butterfill@warwick.ac.uk challenge Explain

Joint Action and the Emergence of Mindreading s.butterfill@warwick.ac.uk challenge Explain the emergence, in evolution or development, of sophisticated forms of theory of mind cognition. challenge Explain the emergence, in evolution or

1.22k views • 97 slides
NSP Webinar Disposition & Land Banking February 27, 2018 2:00 P.M. EDT Community Planning and

NSP Webinar Disposition & Land Banking February 27, 2018 2:00 P.M. EDT Community Planning and

U.S. Department of Housing and Urban Development NSP Webinar Disposition & Land Banking February 27, 2018 2:00 P.M. EDT Community Planning and Development Todays Hosts HUD John Laswick Marilee Hansen Lawrence Reyes

712 views • 60 slides
AP BIOLOGY Emergence of Organic Molecules Summer 2013 www.njctl.org Slide 3 / 131 Emergence

AP BIOLOGY Emergence of Organic Molecules Summer 2013 www.njctl.org Slide 3 / 131 Emergence

Slide 1 / 131 Slide 2 / 131 AP BIOLOGY Emergence of Organic Molecules Summer 2013 www.njctl.org Slide 3 / 131 Emergence of Organic Molecules Click on the topic to go to that section The Early Universe & Earth Organic Compounds

956 views • 58 slides
Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking

Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking

Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking Evolution of ANZ & NBNZ Mobile Banking Txt Banking NBNZ iBank M-Banking ANZ goMoney NBNZ Mobile Banking and M-Banking for iPhone browser for

429 views • 8 slides
The New Emergence of Social Media Marketing and Customer Empowerment About Me . One of the

The New Emergence of Social Media Marketing and Customer Empowerment About Me . One of the

The New Emergence of Social Media Marketing and Customer Empowerment About Me . One of the first employees (#6!) at Mashable Author of the widely popular social media marketing book, The New Community Rules: Marketing on the Social Web

382 views • 21 slides
50 Shades of Pain Cybersecurity Regulation for Mortgage Companies has Arrived! 26 th Annual

50 Shades of Pain Cybersecurity Regulation for Mortgage Companies has Arrived! 26 th Annual

50 Shades of Pain Cybersecurity Regulation for Mortgage Companies has Arrived! 26 th Annual Rocky Mountain Mortgage Lenders Expo Thursday April 20, 2017 Sports Authority Field at Mile High Ray Hutchins Mitch Tanenbaum Managing

929 views • 47 slides
PII Awareness Briefing Introduction Cyber attacks on private, public and government

PII Awareness Briefing Introduction Cyber attacks on private, public and government

PII Awareness Briefing Introduction Cyber attacks on private, public and government information systems are becoming all too common. From hackers to cyber criminals and nation states, todays attackers are more disciplined,

918 views • 12 slides
P RODUCTION : 10 C ASE S TUDIES P RESENTATION A UDIO T RANSCRIPT J UNE 24, 2020 P RESENTERS Mark

P RODUCTION : 10 C ASE S TUDIES P RESENTATION A UDIO T RANSCRIPT J UNE 24, 2020 P RESENTERS Mark

O PERATING M ODELS FOR E ARLY G ENERATION S EED P RODUCTION : 10 C ASE S TUDIES P RESENTATION A UDIO T RANSCRIPT J UNE 24, 2020 P RESENTERS Mark Huisenga, USAID Bureau for Resilience and Food Security Lauren Good, Bill & Melinda Gates

515 views • 29 slides
The Aemetis Biorefinery Advanced Renewable Fuels and Chemicals Produced by Conversion of Existing

The Aemetis Biorefinery Advanced Renewable Fuels and Chemicals Produced by Conversion of Existing

The Aemetis Biorefinery Advanced Renewable Fuels and Chemicals Produced by Conversion of Existing Biofuels Facilities March 2015 Disclaimer Certain of the statements contained herein may be statements of future expectations and other

427 views • 29 slides
Introduction to District Improvement Financing (DIF) Financing infrastructure for todays needs

Introduction to District Improvement Financing (DIF) Financing infrastructure for todays needs

Introduction to District Improvement Financing (DIF) Financing infrastructure for todays needs and tomorrows development City Staff & RKG Associates October 11, 2017 Agenda Introduction (Mayor) 1. Proposed Infrastructure Program

640 views • 42 slides
Model Debt Policy September 22, 2011 Model Debt Policy January 1, 2012 - All public entities

Model Debt Policy September 22, 2011 Model Debt Policy January 1, 2012 - All public entities

Model Debt Policy September 22, 2011 Model Debt Policy January 1, 2012 - All public entities incurring debt must adopt a debt management policy. Improve financial decisions; Provide clear objectives; Demonstrate strong financial

679 views • 15 slides
Massachusetts Municipal Auditors and Accountants Association Annual Meeting South

Massachusetts Municipal Auditors and Accountants Association Annual Meeting South

Massachusetts Municipal Auditors and Accountants Association Annual Meeting South Yarmouth, Massachusetts June 11, 2018 Peter Frazier, Managing Director Bonds and Notes An interest bearing promise to pay a sum of money on a specific

704 views • 35 slides
FWCS 2018 Budget September 25, 2017 Agenda State Budget Requirements General Fund

FWCS 2018 Budget September 25, 2017 Agenda State Budget Requirements General Fund

FWCS 2018 Budget September 25, 2017 Agenda State Budget Requirements General Fund Property Tax Supported Funds Total Expected Budget and Comparisons Key Take-Aways 2 Budget Adoption Calendar September 25 Public Budget

783 views • 37 slides

More recommend