As the Information Security Officer (ISO), part of your responsibility is building and maintaining the Information Security Program (ISP). While an ISP has many important elements, there are three fundamental components: risk assessments, ISP policies and procedures, and audits.
The risk assessments help you make decisions. The policies and procedures document those decisions for your institution to implement. The audit verifies that the decisions have been properly implemented and that the resulting controls are adequate to protect your institution.
What You’ll Learn
- FFIEC roles and responsibilities of the ISP
- Building a strong cybersecurity culture
- Board reporting
- Educational and certification paths
- Strong risk assessment methodology
- Creating your ISP with policies and procedures
Who Should Attend
This session is ideal for IT and IS professionals who need to understand the strategic makeup of their IT team.
Instructor Bio
Lynda Hartup is a Senior Information Security Consultant at SBS CyberSecurity (SBS), a company dedicated to helping organizations identify and understand cybersecurity risks to make more informed and proactive decisions.
Lynda maintains her Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), and Certified Banking Security Manager (CBSM) certifications. She received her Bachelor of Interdisciplinary Studies from the University of Southern Mississippi and completed the Graduate School of Banking at Louisiana State University.
Lynda has 20 years of financial institution experience in various positions, including Information Security Officer and dedicated IT Examiner. She also served for seven years as a Bank Examiner-IT Specialist for the Mississippi Department of Banking. Her specialties lie in IT governance, risk management, and regulatory compliance.