Curriculum
The school’s comprehensive curriculum features two core areas of study – the business of banking and offensive and defensive IT security measures.
BUSINESS OF BANKING CURRICULUM
This section is an introduction to banking for technology and cybersecurity professionals who want to understand the business they serve, how it works, and a bank’s critical role in our local communities.
- Introduction to the Business of Banking
Learn the major components of a bank’s balance sheet, income statement and key ratios used in decision-making at the bank. This session also outlines the concept of strategic planning and achievement of sustainable competitive advantage.
- Bank Profitability Analysis
Attendees will come away with a clear understanding of the main components that affect bank profitability. You’ll explore management’s focus on certain ratios and the effect on human resources requirements.
- Asset/Liability Management
In this session, attendees will learn the goals, organization, and process of asset/liability management and how to integrate A/L with IT management goals. You’ll gain a better understanding of how to identify different types of risk and the implications of risk mismatch.
- Bank Regulatory & Competitive Environment
Learn the forces that affect industry competitiveness and the impact of deregulation on earnings. Key issues for bank survival and prosperity and the shift from product-driven to market-driven strategies will also be discussed.
CYBERSECURITY CURRICULUM
- Security Breaches, Laws, & Regulations
This section provides a comprehensive overview of the evolving threat landscape facing financial institutions.
Key Topics:
- Recent high-profile breaches and ransomware attacks targeting financial institutions
- Standards from FFIEC, GLBA, FDIC, OCC, and NIST
- Insights from real-world incidents
- Best practices in risk management, incident response, vendor oversight, and implementation of technical controls
- Information Security Management
Master the strategic and operational aspects of managing an information security program within a bank. This material emphasizes the crucial role of management in developing written policies, meeting regulatory requirements, and integrating administrative, technical, and physical safeguards.
Key Topics:
- Risk assessment and policy development
- Asset and vendor management
- Access controls and security awareness
- Network security and business continuity
- Incident response and social engineering
- Vulnerability management and audit processes
- Using industry standards to meet emerging threats and regulatory demands
- Security Risk Assessment
This section provides a clear and practical guide for conducting risk assessments in financial institutions, focusing on regulatory requirements. It emphasizes the significance of risk assessments for ensuring compliance, facilitating informed decision-making, and developing robust information security programs.
Key Topics:
- Key regulatory standards: GLBA, FFIEC, NIST
- Risk management methods and types of risk (inherent, residual)
- Step-by-step process: identify assets, threats, controls, and measure risk
- Common challenges in risk assessment
- Integrating new technologies and addressing emerging threats
- Utilizing frameworks like NIST CSF 2.0
Participants will learn how to prioritize assets, document controls, demonstrate compliance, and use risk assessments to inform security strategies and promote continuous improvement.
- Security Auditing & Testing
IT Security Auditing and Testing provides a comprehensive overview of the procedures essential for maintaining strong cybersecurity in financial institutions. It covers various types and scopes of audits, relevant regulatory frameworks such as FFIEC and FDIC InTREx, and emphasizes the importance of risk-based, independent, and ongoing audit programs.
Key Topics:
- Technical and policy audits
- Vulnerability assessments
- Penetration testing
- Social engineering evaluations
- Effective audit planning and documentation
- Clear reporting and action tracking
- Common challenges in testing technology, personnel, and processes
- Best practices for audits and security testing
Participants will gain practical insights into designing audit programs, applying industry standards, and integrating audit findings into continuous risk management and security improvement efforts.
- Vulnerability Assessment
System vulnerabilities continue to plague the software we rely on, and cybercriminals are evolving in their ability to quickly identify and exploit vulnerabilities.
Key Topics:
- Vulnerability assessment tools and techniques
- Prioritizing vulnerabilities based on risk
Participants will learn to identify, analyze, and prioritize vulnerabilities in banking systems and develop remediation strategies to protect critical assets.
- Network Penetration Testing
Learn and understand advanced penetration testing methods to evaluate the security of bank networks. This session includes reconnaissance, exploitation, post-exploitation, and reporting, with a focus on real-world scenarios and compliance requirements.
- Cybersecurity
Explore the intricate technical foundations and the latest trends in cybersecurity as they specifically pertain to the banking sector. This session delves into the crucial elements of threat intelligence and examines the sophisticated attack vectors that cybercriminals employ.
Participants will gain insights into effective defense strategies designed to safeguard financial institutions, as well as an understanding of the evolving tactics of cybercriminals who relentlessly target the banking industry. Join us to participate in engaging discussion that highlights the pressing challenges and innovative solutions within this critical field.
- Artificial Intelligence
Study how AI and machine learning are revolutionizing cybersecurity in the banking sector. We’ll examine AI’s role in threat detection, automated response, and decision support, while addressing the ethical and regulatory considerations unique to banking. You’ll gain insight into how AI can create a competitive advantage, while also understanding the new risks and operational challenges it introduces.
- Understanding OSINT
Investigate how to utilize Open Source Intelligence (OSINT) for threat hunting, fraud detection, and investigations in the banking sector. Learn how to gather, analyze, and apply publicly available data to strengthen your institution’s security measures. This approach can be an effective resource for addressing both cybercrimes and physical threats to our institutions.
- The Snares of the Dark Web
Explore the risks that the dark web poses to banks and their customers. This session will focus on understanding underground forums, identifying potential threats, and responding to data breaches and fraud that may arise from dark web activities. You’ll learn how to utilize insights from the dark web to enhance your institution’s awareness of cybercrimes and mitigate risks to our banks.
- Ethical Web Application Hacking
As web applications increasingly become the foundation for innovation in the banking industry, critical vulnerabilities and attacks on these digital platforms continue to rise. It is essential that we understand how to assess and mitigate risk to protect data and maintain trust. In this hands-on technical session, participants will learn to ethically test and secure web applications, exploring common vulnerabilities—including those in the OWASP Top 10—along with exploitation techniques and secure coding practices to strengthen security posture.
- Cyber Attacks and Incident Handling
Get ready to handle cyber-attacks by using established incident handling methodologies. This session will cover the key steps: detection, containment, eradication, recovery, and post-incident analysis, with a special emphasis on threats specific to the banking sector and regulatory requirements. Learn from the mistakes and oversights of other organizations to enhance your preparedness and resilience.
- Digital Forensics
Gain practical skills in digital forensics specifically for banking environments. Learn techniques for evidence collection, analysis, and reporting to support incident investigations, regulatory inquiries, and legal proceedings. While it’s our hope that cybersecurity incidents never happen, the likelihood of them occurring is too significant to ignore. Basic preparation can turn digital forensics into a powerful tool for responding to incidents.
NOTE: The Cybersecurity School provides up to 4 hours of advanced placement credit toward several professional certifications available through the SBS Institute. For specifics, please contact SBS as they approve the credits toward these certifications.