Having an Incident Response Plan isn't a suggestion; it is a requirement. Security breaches are inevitable. Does your plan provide a framework to guide you in responding effectively and in a timely manner?
When it comes to a breach that exposes confidential customer or corporate information, it isn’t a matter of “if” but “when.” Any breach, regardless of type or size, can be devastating. Financial losses are not the only concern. What about your reputation? Financial institutions are particularly vulnerable by the very nature of the business. You have information that thieves want, information they can parlay into cold hard cash, if not the cash itself. Your incident response plan should provide confidence that you have the right personnel and procedures in place to respond effectively and promptly to a security breach.
And if that isn't enough, the financial services industry is mandated to implement security controls and a framework for identifying potential risks, monitoring for and detecting unauthorized access, mitigating the outcome, effectively responding to the event, and notifying customers, law enforcement, and regulators when it does happen. Be sure that examiners will be looking for your plan.
The Incident Response Plan shouldn't be just a checklist. You need well-thought-out, detailed procedures and response steps that have been practiced and tested to ensure you are as prepared as you can be when a security breach happens.
- Is there a regulatory requirement for having a plan?
- Roles and responsibilities
- What types of things would represent a breach?
- Key elements of the plan: What should be included?
- Isn't the Incident Response Plan the same as my Disaster Recovery Plan or Pandemic Plan?
- We outsource our IT function so we don't need a plan, do we?
- What is the CSBS Ransomware Self Assessment Tool?
Who Should Attend?
Senior Management, Audit, Compliance, Risk Management, Security Officers, Operations Officers, IT Officers, IT Steering Committee, or anyone responsible for or wanting to learn more about developing an effective Incident Response Plan.
Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise.
As an auditor and consultant, Susan is dedicated to assisting financial institutions in implementing appropriate policies and controls to protect confidential information and comply with regulatory mandates and best practices. Her experience as an auditor and former examiner gives her the knowledge and expertise to conduct comprehensive IT general control and data security reviews and to assist de novo institutions in the vendor selection process, preparing policies and procedures, and instituting controls. She also consults for numerous security providers and vendors, helping them align products and services to meet institution regulatory mandates. Susan is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified Risk Professional (CRP).
- “Live” Web connection - $265
- 6-month “OnDemand” website link only - $295
- CD-ROM and e-materials only - $345
- Live plus OnDemand website link - $365
- Premier Package: Live, OnDemand link, and CD-ROM plus - $395