Curriculum

The school’s comprehensive curriculum features two core areas of study – the business of banking and offensive and defensive IT security measures.

BUSINESS OF BANKING CURRICULUM

This section is an introduction to banking for technology and cybersecurity professionals who want to understand the business they serve, how it works, and a bank’s critical role in our local communities.

  • Introduction to the Business of Banking
    Learn the major components of a bank’s balance sheet, income statement and key ratios used in decision-making at the bank. This session also outlines the concept of strategic planning and achievement of sustainable competitive advantage.
  • Bank Profitability Analysis
    Attendees will come away with a clear understanding of the main components that affect bank profitability. You’ll explore management’s focus on certain ratios and the effect on human resources requirements.
  • Asset/Liability Management
    In this session, attendees will learn the goals, organization, and process of asset/liability management and how to integrate A/L with IT management goals. You’ll gain a better understanding of how to identify different types of risk and the implications of risk mismatch.
  • Bank Regulatory & Competitive Environment
    Learn the forces that affect industry competitiveness and the impact of deregulation on earnings. Key issues for bank survival and prosperity and the shift from product-driven to market-driven strategies will also be discussed.

CYBERSECURITY CURRICULUM

  • Security Breaches, Laws, & Regulations

This section provides a comprehensive overview of the evolving threat landscape facing financial institutions. 

Key Topics:

  • Recent high-profile breaches and ransomware attacks targeting financial institutions 
  • Standards from FFIEC, GLBA, FDIC, OCC, and NIST 
  • Insights from real-world incidents 
  • Best practices in risk management, incident response, vendor oversight, and implementation of technical controls

  • Information Security Management

Master the strategic and operational aspects of managing an information security program within a bank. This material emphasizes the crucial role of management in developing written policies, meeting regulatory requirements, and integrating administrative, technical, and physical safeguards.  

Key Topics:

  • Risk assessment and policy development 
  • Asset and vendor management 
  • Access controls and security awareness 
  • Network security and business continuity 
  • Incident response and social engineering 
  • Vulnerability management and audit processes 
  • Using industry standards to meet emerging threats and regulatory demands 

  • Security Risk Assessment

This section provides a clear and practical guide for conducting risk assessments in financial institutions, focusing on regulatory requirements. It emphasizes the significance of risk assessments for ensuring compliance, facilitating informed decision-making, and developing robust information security programs.  

Key Topics: 

  • Key regulatory standards: GLBA, FFIEC, NIST 
  • Risk management methods and types of risk (inherent, residual) 
  • Step-by-step process: identify assets, threats, controls, and measure risk 
  • Common challenges in risk assessment 
  • Integrating new technologies and addressing emerging threats 
  • Utilizing frameworks like NIST CSF 2.0

Participants will learn how to prioritize assets, document controls, demonstrate compliance, and use risk assessments to inform security strategies and promote continuous improvement. 

  • Security Auditing & Testing

IT Security Auditing and Testing provides a comprehensive overview of the procedures essential for maintaining strong cybersecurity in financial institutions. It covers various types and scopes of audits, relevant regulatory frameworks such as FFIEC and FDIC InTREx, and emphasizes the importance of risk-based, independent, and ongoing audit programs. 

Key Topics: 

  • Technical and policy audits 
  • Vulnerability assessments 
  • Penetration testing 
  • Social engineering evaluations 
  • Effective audit planning and documentation 
  • Clear reporting and action tracking 
  • Common challenges in testing technology, personnel, and processes 
  • Best practices for audits and security testing 

Participants will gain practical insights into designing audit programs, applying industry standards, and integrating audit findings into continuous risk management and security improvement efforts. 

  • Vulnerability Assessment

System vulnerabilities continue to plague the software we rely on, and cybercriminals are evolving in their ability to quickly identify and exploit vulnerabilities.  

Key Topics: 

  • Vulnerability assessment tools and techniques 
  • Prioritizing vulnerabilities based on risk 

Participants will learn to identify, analyze, and prioritize vulnerabilities in banking systems and develop remediation strategies to protect critical assets.  

  • Network Penetration Testing 

Learn and understand advanced penetration testing methods to evaluate the security of bank networks. This session includes reconnaissance, exploitation, post-exploitation, and reporting, with a focus on real-world scenarios and compliance requirements.  

  • Cybersecurity

Explore the intricate technical foundations and the latest trends in cybersecurity as they specifically pertain to the banking sector. This session delves into the crucial elements of threat intelligence and examines the sophisticated attack vectors that cybercriminals employ.  

Participants will gain insights into effective defense strategies designed to safeguard financial institutions, as well as an understanding of the evolving tactics of cybercriminals who relentlessly target the banking industry. Join us to participate in an engaging discussion that highlights the pressing challenges and innovative solutions within this critical field.

  • Artificial Intelligence

Study how AI and machine learning are revolutionizing cybersecurity in the banking sector. We’ll examine AI’s role in threat detection, automated response, and decision support, while addressing the ethical and regulatory considerations unique to banking. You’ll gain insight into how AI can create a competitive advantage, while also understanding the new risks and operational challenges it introduces. 

  • Understanding OSINT 

Investigate how to utilize Open Source Intelligence (OSINT) for threat hunting, fraud detection, and investigations in the banking sector. Learn how to gather, analyze, and apply publicly available data to strengthen your institution’s security measures. This approach can be an effective resource for addressing both cybercrimes and physical threats to our institutions. 

  • The Snares of the Dark Web

Explore the risks that the dark web poses to banks and their customers. This session will focus on understanding underground forums, identifying potential threats, and responding to data breaches and fraud that may arise from dark web activities. You’ll learn how to utilize insights from the dark web to enhance your institution’s awareness of cybercrimes and mitigate risks to our banks. 

  • Ethical Web Application Hacking

As web applications increasingly become the foundation for innovation in the banking industry, critical vulnerabilities and attacks on these digital platforms continue to rise. It is essential that we understand how to assess and mitigate risk to protect data and maintain trust. In this hands-on technical session, participants will learn to ethically test and secure web applications, exploring common vulnerabilities—including those in the OWASP Top 10—along with exploitation techniques and secure coding practices to strengthen security posture. 

  • Cyber Attacks and Incident Handling 

Get ready to handle cyber-attacks by using established incident handling methodologies. This session will cover the key steps: detection, containment, eradication, recovery, and post-incident analysis, with a special emphasis on threats specific to the banking sector and regulatory requirements. Learn from the mistakes and oversights of other organizations to enhance your preparedness and resilience. 

  • Digital Forensics 

Gain practical skills in digital forensics specifically for banking environments. Learn techniques for evidence collection, analysis, and reporting to support incident investigations, regulatory inquiries, and legal proceedings. While it’s our hope that cybersecurity incidents never happen, the likelihood of them occurring is too significant to ignore. Basic preparation can turn digital forensics into a powerful tool for responding to incidents.

 

NOTE: The Cybersecurity School provides up to 4 hours of advanced placement credit toward several professional certifications available through the SBS Institute. For specifics, please contact SBS as they approve the credits toward these certifications.