There are three phases to creating an Information Security Program for financial institutions: 1) planning and preparation, 2) implementation, and 3) testing and verification. When it comes to testing your ISP, one of the big questions you should ask – both of yourself and your auditor(s) – is “where does our risk really lie?” Are you testing your ISP because you have to, or are you testing your ISP because you really want to protect your institution and your customer’s data from a cyber attack?
What You Will Learn
- People, Process, and Technology
- Minimum Requirements for Testing Your ISP
- Best Practices for Testing Your ISP
- Reactive Testing vs. Proactive Testing
- Additional Security Testing to Consider
Who Should Attend?
Information Security Officer, IT Manager, Risk Officer, Internal Auditor, CIO, and Executives looking to understand the Cybersecurity Assessment process, common weaknesses in controls, and how to address them.