In 1999, Congress passed the Gramm-Leach-Bliley Act, requiring all financial institutions to have a written Information Security Program (ISP) based on a risk assessment that outlines how each institution is protecting confidential customer information.
ISPs have evolved a bit over the last 20 years, however. Some of the biggest questions we hear about an ISP include: What are the major components of a modern ISP? What’s the most effective way for an ISP to be structured? How does the ISP flow together? Let’s discuss.
- Regulatory requirements of an Information Security Program
- Major Components of an ISP
- Policies vs. Procedure vs. Standards vs. Guidelines
- How to write auditable ISP policies
- Separating out Procedure from Policy
- ISP Reporting Requirements
- Building an ISP Framework that can handle anything you throw at it
Who Should Attend?
Information Security Officer, IT Manager, Risk Officer, Internal Auditor, Board members, or other management team members looking to understand the new FFIEC requirements and expectations.