Being an Information Security Officer (or similar role) is a big responsibility in today’s world of cyber threats and data breaches. This presentation is for those who are new to the ISO (or similar) role or have been the ISO for some time but want to review what is expected and how to be successful. As the ISO, part of your responsibility is building and maintaining the Information Security Program.

While an ISP has many important elements, there are 3 fundamental components: Risk Assessment(s), ISP Policies and Procedures, and Audit. The Risk Assessment will help you make decisions, the Policies and Procedures document the decisions for your institution to implement, and Audit verifies that those decisions have been properly implemented and are adequate controls to protect your institution.

This presentation will cover the following areas/topics:

• FFIEC Roles and Responsibilities of the ISP
• Building a strong Cybersecurity Culture
• Board Reporting
• Educational and Certification Paths
• Strong Risk Assessment Methodology
• Creating your ISP with Policies and Procedures

Target Audience:  Information security officers, IT managers, risk offi