PACB One-Day Cybersecurity Workshop




PACB One-Day Cybersecurity Workshop: Cybersecurity Awareness and Training
Presented by: Jon Waldman, SBS, CISA, CRISC, Secure Banking Solutions, LLC, www.protectmybank.com

Agenda
- What is cybersecurity?
- What do I need to know about cybersecurity?
- What are some of today's cybersecurity threats?
- How do I build a useful Information Security Program?
- How do I build a Risk Assessment that helps me make decisions?
- People are the weakest link; how do I prepare and train my people to mitigate risk?
- Bad things are going to happen; it's inevitable. How do I plan for and prepare to respond to incidents?

Security Awareness Training: How do you secure the human?

Security Awareness
Security Awareness is the degree or extent to which every member of staff understands:
- the importance of security
- the levels of security appropriate to the organization
- their individual security responsibilities
... and acts accordingly.

Social Engineering
"The manipulation of people, rather than machines, to successfully breach the security systems of an enterprise or a consumer." People, by nature, are unpredictable and susceptible to manipulation and persuasion. Studies show that humans have certain behavioral tendencies that can be exploited with careful manipulation. Rich Mogull, research director for information security and risk at Gartner, said social engineering is more of a problem than hacking: "We believe social engineering is the single greatest security risk in the decade ahead."

Regulatory Requirements
The Federal Reserve says: The Security Guidelines require a financial institution to train staff to prepare and implement its information security program (III.C.2 of the Security Guidelines). The institution should consider providing specialized training to ensure that personnel sufficiently protect customer information in accordance with its information security program. For example, an institution should:
- Train staff to recognize and respond to schemes to commit fraud or identity theft, such as guarding against pretext calling;
- Provide staff members responsible for building or maintaining computer systems and local and wide-area networks with adequate training, including instruction about computer security; and
- Train staff to properly dispose of customer information.
The FDIC says: Train staff to implement the bank's information security program.

Regulatory Requirements
The FFIEC Information Security booklet says: Financial institutions need to educate users regarding their security roles and responsibilities. Training should support security awareness and strengthen compliance with security policies, standards, and procedures. Ultimately, the behavior and priorities of senior management heavily influence the level of employee awareness and policy compliance, so training and the commitment to security should start with senior management.
Training materials for desktop and workstation users would typically review the acceptable use policy and include issues like desktop security, log-on requirements, password administration guidelines, etc. Training should also address social engineering and the policies and procedures that protect against social engineering attacks. Many institutions integrate a signed security awareness agreement along with periodic training and refresher courses.

Document a Policy
- Define target and purpose
- Define the number of hours annually
- Documentation requirements for attendance
- Define general topics
- Require additional details in a program (ISAP)

Sample ISAP Program

ISAP Program Topics
- Training Topics
- Training Videos
- Information Security Day/Week
- Security Posters
- Trainer/Outsourcing
- Reporting/Documentation
- Integration of Acceptable Use

Meeting FFIEC Compliance: Customer Awareness and Education
1. Handouts / Pamphlets
2. Posters / Calendars
3. Security Awareness Day
4. InfraGard Certification
5. Social Engineering Tests
6. Games
7. Resources
8. Commercial Customer Roundtable

Posters https://services.learnupon.com/store

Awareness Brochures https://services.learnupon.com/store

Regular Email Notifications from the ISO
Test your Phishing IQ: http://www.sonicwall.com/furl/phishing/phishing-quiz-question.php
For more general information about protecting yourself from Internet Fraud, please read this article: http://www.fbi.gov/scams-safety/fraud/internet_fraud/internet_fraud#ndm

Securing the Human http://www.securingthehuman.org/

Infragard Awareness https://www.infragardawareness.com/

Security Awareness Day

Onsite or Online Education

Customer Auditing Controls
- Audit: onsite visits; self assessment / evidence
- Social Engineering Tests (on customers?): USB/media, dumpster diving, phishing, impersonation (physical and phone)

Physical Security and Social Engineering Examples
- Physical Impersonation
- Pretext Calling
- Phishing, Spear Phishing, and Whaling
- Dumpster Diving
- Unknown Media or Baiting