New FFIEC Management Guidance

Regulatory expectations around the management structure of Information Technology (IT) are changing with the November 2015 overhaul of the FFIEC IT Management Booklet. Information Security and Cybersecurity issues can no longer be treated as only a back-office concern. The FFIEC is creating clear accountability for the Board of Directors and Executive Management teams to understand Information Security and provide a “credible challenge” to the management team. The FFIEC describes this as “being actively engaged, asking thoughtful questions, and exercising independent judgement”.

The overhaul elevates the importance of IT governance, making it part of the institution's overall governance process and linking it directly to strategic planning and existing Enterprise Risk Management processes. The booklet provides clarity around the IT risk management process by expanding on the risk identification, measurement, mitigation, monitoring, and reporting components within the overall Information Security Program.

Covered Topics:

    • Newly Integrated Cybersecurity Expectations
    • Clarification around Chief Information Security Officer Role
    • Direct Information Security Reporting to Board
    • Executive Management Expectations
    • IT Risk Assessment Process Overview
    • Integration of IT into ERM

Who Should Attend?

This webinar will benefit Directors, the CEO, the Information Security Officer, the Network Administrator, the Risk Officer, IT Managers, and other management team members involved in either Information Technology or Information Security.