the emergence of the iso in community banking
play

The Emergence of the ISO in Community Banking Patrick H. Whelan CISA - PowerPoint PPT Presentation

Nov 18, 2023 •243 likes •650 views

THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda Brief Introduction

  1. THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS “The Emergence of the ISO in Community Banking” Patrick H. Whelan – CISA IT Security & Compliance Consultant

  2. Agenda • Brief Introduction to All Covered Finance • Regulatory Guidelines • Current challenges • Role of the Information Security Officer (ISO) • Hybrid Concept • Q&A

  3. Patrick H. Whelan - CISA • Strategic consultant focused on security, compliance, and infrastructure planning for community financial institutions. • Provides financial institutions with strategic direction to align their IT infrastructure, processes, and capital outlay with the institution’s vision. • Prior to All Covered, a team member of Silversky, the market leader of enterprise-class information security and messaging services under direct FFIEC oversight. • Prior to Silversky, Patrick designed physical security controls with ADT Fire & Security, a Tyco company. • Degrees from Quinnipiac University and an active member of ISACA.

  4. Company Overview • 30+ years the leading provider for IT, Security, Compliance and Infrastructure Services • Over 500 System Engineers across 24 Regional Office locations • Hundreds of Financial Institutions Clients • Finance Practice Remote Support Center – Application Support – General Business Applications – Banking Applications – NOC – Software Upgrades • IT Compliance Professionals – IT Audit Support – Consulting Services

  5. Regional Office Locations

  6. Financial Services Portfolio IT Compliance Private Cloud Computing Security Services Network Monitoring Network Design and Consulting and Management and Installation

  7. Agenda • Brief Introduction to All Covered Finance • Regulatory Guidelines • Current challenges • Role of the Information Security Officer (ISO) • Hybrid Concept • Q&A

  8. Gramm-Leach-Bliley Act (GLBA) Financial Privacy Safeguards Pretexting Rule Rule Protection

  9. FFIEC IT Examination Handbooks IT Booklets Master Table of Contents • Audit • Business Continuity Planning • Development and Acquisition • E-Banking • Information Security • Management • Operations • Outsourcing Technology Services • Retail Payment Systems • Supervision of Technology Service Providers (TSP) • Wholesale Payment Systems www.FFIEC.GOV

  10. FFIEC Regulatory Guidelines A financial institution should ensure an adequate risk management structure exists within the organization. Some institutions have a separate risk management department that is responsible for overseeing the areas of information security, business continuity planning, audit, insurance and compliance. Regardless of the particular structure used, the institution should ensure that lines of authority are established for enforcing and monitoring controls. These risk management functions should play a key role in measuring, monitoring, and controlling risk.

  11. FFIEC Information Security Booklet • The board is responsible for overseeing and approving the development, implementation, and maintenance of a comprehensive, written information security program, as required by the Gramm-Leach-Bliley Act (GLBA). • The board may delegate information security monitoring to an independent audit function and information security management to an independent information security officer. • Separate information security program management and monitoring from the daily security duties required in IT operations. • The ISO should be an organization-wide risk manager rather than a production resource devoted to IT operations. • To ensure independence, the ISO should report directly to the board or senior management rather than through the IT department.

  12. Presidential Executive Order Presidential Executive Order Improving Critical Infrastructure Cybersecurity (February 12, 2013) Represents the latest in federal policy on cybersecurity Current Bills in the U.S. Senate Cyber Intelligence Sharing and Protection Act To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes. Cybersecurity Information Sharing Act of 2014 To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes

  13. Regulatory Exam Focus 2012 2013 Data Classification 2014 IT Risk Assessment Business Continuity Disaster Recovery Vendor Management Cybersecurity

  14. Agenda • Brief Introduction to All Covered Finance • Regulatory Guidelines • Current Challenges • Role of the Information Security Officer (ISO) • Ideals

  15. Challenges in IT Security • Immergence of cybersecurity threats • Lack of knowledge at Board and Executive level • Who has IT oversight capabilities outside of IT? • ISO can’t function under IT, but needs to coordinate with IT • Institutions cannot outsource oversight • Who on staff can we give this title to? • Average salary for ISO $100K-$150

  16. 7 Security Predictions for 2014 1. Making threat intelligence useful 2. Mobile threats 3. Emerging countries will experience more cyber attacks on banks 4. Attacks will spread to smaller institutions 5. New strategies for dealing with insider threats 6. Dealing with challenges created by the NIST framework 7. New needs around data security from Booz Allen Hamilton http://www.banktech.com/7-security-predictions-for-2014-from-booz-allen-hamilton/d/d-id/1296729?

  17. Legal Standard for Auditing? Step 1: Categorize the Information System Step 6. Monitor Step 2. Select Security Controls Security Controls Risk Management Framework Step 5. System Step 3. Implement Authorization Security Controls Step 4. Assess Security Controls

  18. Agenda • Brief Introduction to All Covered Finance • Regulatory Guidelines • Current challenges • Role of the Information Security Officer (ISO) • Hybrid Concept • Q&A

  19. Definition of an Information Security Officer A Information Security Officer ( ISO ) is the resource within an institution responsible for establishing and maintaining the program to ensure information assets and technologies are adequately protected.

  20. Role of the Information Security Officer • Responsible and accountable for administration of the security program • Authority to respond to a security event • Have sufficient knowledge, background, and training to perform role • Report to Board or Senior Management • Independence to perform their assigned tasks

  21. Information Security Responsibilities • • Information Security Program Disaster and Recovery Management • • Access Management Vendor Management • • IT Risk Assessment Vulnerability Assessments • • IT Risk Mitigation Incident Response • • IT Audit Oversight Board of Director Reporting • • IT Steering Committee Physical Security Management • • Interface with Examiners & Auditors Information Security Awareness Training • Monitoring Security Events • Business Continuity Planning

  22. Information Security Program Information Security Program • Regulatory Compliance Compliance – GLBA Framework – FFIEC Policies – SOX – FINRA – SEC Procedures • Information Security • Cybersecurity Forms

  23. IT Risk Assessment • Areas of Focus – Core System – Electronic Banking – Wire Transfer – Hardware – Applications – Network – Etc…

  24. IT Risk Mitigation 1. Risk Identification 2. Risk Measurement 3. Risk Mitigation 4. Review & Monitoring

  25. IT Audit Oversight “Just because you are compliant does not mean you are secure, but if you are secure you are most likely compliant” • External audit findings • Internal audit findings • Remediation management

  26. IT Steering Committee

  27. Business Continuity Plan • Annual revisions • Test plans • Test results

  28. Vendor Management • Program revisions • Annual vendor review results

  29. Vendor Due-Diligence Third-Party Reviewed Financials SSAE 16 (data centers and operations) Insurance Coverage - including Cyber-liability BCP and Disaster Recovery Testing Annual Penetration Testing Long Held Industry-Specific Focus Reference-able Client Base Clear Legal Standing

  30. Vulnerability Assessments • Complete assessments • Document findings • Remediation plan Scan Fix • Remediation management Verify

  31. Incident Response Containment, Detection & Eradication, Post Incident Preparation Analysis and Activities Remediation

  32. Security Event Management • FFIEC require logs be reviewed to help prevent breaches • Reviewing log data is time consuming • Compliance reports need to be easy to read for auditors • Remediating threats is a necessary component to comply; but doing so takes security expertise Turning this… …to that

  33. Collaboration Financial Services Information Sharing & Analysis Center

Recommend

Jake Saper, Emergence Capital @jakesaper @jakesaper, Emergence Capital 1 A Bit on Me

Jake Saper, Emergence Capital @jakesaper @jakesaper, Emergence Capital 1 A Bit on Me

Jake Saper, Emergence Capital @jakesaper @jakesaper, Emergence Capital 1 A Bit on Me @jakesaper, Emergence Capital 2 Emergence: A Track Record of Identifying Themes that Impact the Future of Work 2004 Today Horizontal Cloud Industry

746 views • 37 slides
About Deutsche Bank Strategy 2020: Digitalize DB -Targeting up to EUR 1bn of incremental

About Deutsche Bank Strategy 2020: Digitalize DB -Targeting up to EUR 1bn of incremental

eID: the business case for the banking and finance community 5th June 2015 Overview No. Topic 2 2 Context Context 3 eID Key concepts 4 Identity in Banking 5 Drivers for eID adoption Applicability in the banking world 6 Key

88 views • 8 slides
Shareholders April 17, 2020 Company & Bank Performance State of Community Banking

Shareholders April 17, 2020 Company & Bank Performance State of Community Banking

Annual Meeting of Shareholders April 17, 2020 Company & Bank Performance State of Community Banking Customer and Market Performance Education, Outreach, & Support Our Mission: To champion community banking 2

463 views • 35 slides
community-based design and supportive technologies are creating new models for equality and

community-based design and supportive technologies are creating new models for equality and

Ecovillage Emergence in the Sahel Region: How community-based design and supportive technologies are creating new models for equality and sustainability by Ousmane Aly PAME, Founder and President of REDES (Network for Ecovillage Emergence and

579 views • 24 slides
Bank of the Future Discussion on the latest banking and digital trends and their implications

Bank of the Future Discussion on the latest banking and digital trends and their implications

WORKING DRAFT Last Modified 4/1/2016 5:10 PM Central Europe Standard Time Printed Bank of the Future Discussion on the latest banking and digital trends and their implications April 11-12, 2016 In the next decade, we will see the emergence

372 views • 14 slides
EMERGENCE AND REDUCTION: GO HAND IN HAND? Katie Robertson University of Birmingham 1 THE

EMERGENCE AND REDUCTION: GO HAND IN HAND? Katie Robertson University of Birmingham 1 THE

EMERGENCE AND REDUCTION: GO HAND IN HAND? Katie Robertson University of Birmingham 1 THE EVOLVING RELATIONSHIP BETWEEN REDUCTION AND EMERGENCE At first, emergence was defined to be the failure of reduction. Then emergence was shown to

748 views • 47 slides
Emergence Emergence of sus of sustainable tainable markets markets Harriet Friedmann,

Emergence Emergence of sus of sustainable tainable markets markets Harriet Friedmann,

Getting from Getting from here to resilience: here to resilience: Emergence Emergence of sus of sustainable tainable markets markets Harriet Friedmann, Professor of Sociology, Geography and Planning University of Toronto American

737 views • 32 slides
Emergence and social dynamics Nigel Gilbert University of Surrey n.gilbert@surrey.ac.uk

Emergence and social dynamics Nigel Gilbert University of Surrey n.gilbert@surrey.ac.uk

Emergence and social dynamics Nigel Gilbert University of Surrey n.gilbert@surrey.ac.uk cress.soc.surrey.ac.uk Friday, April 3, 2009 1 Overview Computational social science Agent-based models Emergence in sociology Types of emergence An

621 views • 36 slides
THE BANKING SERVICES ACT Banking Services (Deposit Taking Institutions) (Agent Banking)

THE BANKING SERVICES ACT Banking Services (Deposit Taking Institutions) (Agent Banking)

THE BANKING SERVICES ACT Banking Services (Deposit Taking Institutions) (Agent Banking) Regulations 2016 Presentation to Parliament by The Honourable Audley Shaw CD, MP. Minister of Finance and the Public Service

435 views • 6 slides
PROCESS AND PROCEDURES AMIR ALFATAKH YUSOF ISLAMIC BANKING FROM CONVENTIONAL TO ISLAMIC BANKING

PROCESS AND PROCEDURES AMIR ALFATAKH YUSOF ISLAMIC BANKING FROM CONVENTIONAL TO ISLAMIC BANKING

PROCESS AND PROCEDURES AMIR ALFATAKH YUSOF ISLAMIC BANKING FROM CONVENTIONAL TO ISLAMIC BANKING SPEAKER PROFILE 1. Started in Conventional Banking Sales for OCBC Bank Retail, Business Banking and Corporate Banking, Kuala Lumpur Main Branch

830 views • 26 slides
ACTIVITIES OF THE COMMUNITY OF AFRICAN BANKING SUPERVISORS (CABS) ABUJA, 01 20 - 2017

ACTIVITIES OF THE COMMUNITY OF AFRICAN BANKING SUPERVISORS (CABS) ABUJA, 01 20 - 2017

ASSOCIATION OF AFRICAN CENTRAL BANKS (AACB) ACTIVITIES OF THE COMMUNITY OF AFRICAN BANKING SUPERVISORS (CABS) ABUJA, 01 20 - 2017 18/08/16 Summary INTRODUCTION I- IMPLEMENTATION OF WORK PLAN 2014-2016 II- PERSPECTIVES CONCLUSION 2

720 views • 30 slides
Joint Action and the Emergence of Mindreading s.butterfill@warwick.ac.uk challenge Explain

Joint Action and the Emergence of Mindreading s.butterfill@warwick.ac.uk challenge Explain

Joint Action and the Emergence of Mindreading s.butterfill@warwick.ac.uk challenge Explain the emergence, in evolution or development, of sophisticated forms of theory of mind cognition. challenge Explain the emergence, in evolution or

1.22k views • 97 slides
NSP Webinar Disposition & Land Banking February 27, 2018 2:00 P.M. EDT Community Planning and

NSP Webinar Disposition & Land Banking February 27, 2018 2:00 P.M. EDT Community Planning and

U.S. Department of Housing and Urban Development NSP Webinar Disposition & Land Banking February 27, 2018 2:00 P.M. EDT Community Planning and Development Todays Hosts HUD John Laswick Marilee Hansen Lawrence Reyes

712 views • 60 slides
AP BIOLOGY Emergence of Organic Molecules Summer 2013 www.njctl.org Slide 3 / 131 Emergence

AP BIOLOGY Emergence of Organic Molecules Summer 2013 www.njctl.org Slide 3 / 131 Emergence

Slide 1 / 131 Slide 2 / 131 AP BIOLOGY Emergence of Organic Molecules Summer 2013 www.njctl.org Slide 3 / 131 Emergence of Organic Molecules Click on the topic to go to that section The Early Universe & Earth Organic Compounds

956 views • 58 slides
Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking

Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking

Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking Evolution of ANZ & NBNZ Mobile Banking Txt Banking NBNZ iBank M-Banking ANZ goMoney NBNZ Mobile Banking and M-Banking for iPhone browser for

429 views • 8 slides
The New Emergence of Social Media Marketing and Customer Empowerment About Me . One of the

The New Emergence of Social Media Marketing and Customer Empowerment About Me . One of the

The New Emergence of Social Media Marketing and Customer Empowerment About Me . One of the first employees (#6!) at Mashable Author of the widely popular social media marketing book, The New Community Rules: Marketing on the Social Web

382 views • 21 slides
Banking Transformation in ASEAN and Mobile Banking in Indonesia 16 Feb 2012 Indonesia

Banking Transformation in ASEAN and Mobile Banking in Indonesia 16 Feb 2012 Indonesia

Banking Transformation in ASEAN and Mobile Banking in Indonesia 16 Feb 2012 Indonesia International Banking Convention (IIBC) Devabalan Theyventheran Head of Transformation Office and Business Process Development CIMB Group Agenda 1

439 views • 24 slides
Co-production in Action: perspectives from Emergence a service user led organisation Jane

Co-production in Action: perspectives from Emergence a service user led organisation Jane

Co-production in Action: perspectives from Emergence a service user led organisation Jane Jackson Project Manager Emergence Co-production in Action Who are Emergence? What do we do and how do we do it? Examples of Co-production

518 views • 16 slides
Leveraging Lending and Banking Data for Your Neighborhood PRESENTER: Cynthia DuRant

Leveraging Lending and Banking Data for Your Neighborhood PRESENTER: Cynthia DuRant

Leveraging Lending and Banking Data for Your Neighborhood PRESENTER: Cynthia DuRant Community Affairs Specialist, FDIC Objectives Understand the purpose of the Community Reinvestment Act (CRA) Understand how to research information

589 views • 9 slides
The Emergence and Role of the Consumer Operated and Oriented Plan (CO-OP) Overview CO-OPs

The Emergence and Role of the Consumer Operated and Oriented Plan (CO-OP) Overview CO-OPs

The Emergence and Role of the Consumer Operated and Oriented Plan (CO-OP) Overview CO-OPs in Brief Maine Community Health Options What is a CO-OP? The ACA (Section 1322) created the Consumer Operated and Oriented Plan (CO-OP) program

167 views • 16 slides
BIOLOGICAL EMERGENCE: AN INTRODUCTION Dr. Harry Cook The Kings University College Edmonton,

BIOLOGICAL EMERGENCE: AN INTRODUCTION Dr. Harry Cook The Kings University College Edmonton,

BIOLOGICAL EMERGENCE: AN INTRODUCTION Dr. Harry Cook The Kings University College Edmonton, Canada Three claims undergird emergence theory: 1) Empirical reality divides naturally into multiple levels. Over the course of natural history,

616 views • 38 slides
The Italian Banking System in the Perspective of the Banking Union Fabio Panetta Member of the

The Italian Banking System in the Perspective of the Banking Union Fabio Panetta Member of the

The Italian Banking System in the Perspective of the Banking Union Fabio Panetta Member of the Governing Board - Banca dItalia London, November 21, 2013 Outline of the Presentation 1. The Banking Union (BU) project o the Single Supervisory

321 views • 21 slides
Chapter 14: Organizational and Institutional Genesis: The Emergence of High-Tech Clusters in the

Chapter 14: Organizational and Institutional Genesis: The Emergence of High-Tech Clusters in the

Chapter 14: Organizational and Institutional Genesis: The Emergence of High-Tech Clusters in the Life Sciences Walter W. Powell Kelley A. Packalen Kjersten Whittington Central concern: Organizational and Institutional Emergence What

320 views • 28 slides
Interacting Mindreaders s.butterfill@warwick.ac.uk challenge Explain the emergence, in evolution

Interacting Mindreaders s.butterfill@warwick.ac.uk challenge Explain the emergence, in evolution

Joint Action and the Emergence of Mindreading Interacting Mindreaders s.butterfill@warwick.ac.uk challenge Explain the emergence, in evolution or development, of sophisticated forms of mindreading. conjecture The existence of abilities to

774 views • 36 slides

More recommend