Jackie Marshall, VP, I.T. Regulatory Compliance
It’s a typical Monday morning, 9:00 am. You pour your second cup of coffee and join your associates in the conference room for the weekly management meeting. The CFO begins the meeting by announcing that the recent FDIC exam results include several changes to the information security policy (remember that 3-page document you wrote back in 2001 when you were scrambling to prepare for the pre-opening exam?) and they include a specific recommendation for the Board to designate an Information Security Officer.
Anyone interested? By the end of the meeting (you swear you don’t know how it happened!), you own the title ISO.
Your first response is disbelief. Wait a second; I’m already in charge of operations, compliance and coordinating the annual walkathon for charity. Plus, isn’t information security a technical role? I can’t even remember my password to get into the network. You start to do some research. G-L-B-A, isn’t that what this is all about? You review section 501(b) and now you’re more confused than ever.
Does this story sound familiar? Since 1999, when President Clinton first enacted the GLBA, financial institutions have been challenged with the specifics of compliance. If you’ve got the title ISO you know that your job is to develop, implement and maintain a formal, written Information Security Program. The required components of this program include:
- Assessing risk and assigning effective security controls to protect customer information.
- Coordinating annual information security awareness training for employees.
- Managing appropriate procedures for responding to attempted or actual information security breaches (technical and non-technical).
- Managing vendor access to customer information.
As the ISO for your institution, you are in charge of making sure that your institution’s private customer information is kept secure now and in the future. HELP! How do you make this happen (especially with all the other “hats” you wear) and keep your sanity at the same time?
Tune in on June 8th, 2006 from 10:00 am – 11:00 am or June 15th, 2006 from 2:00 pm – 3:00 pm for the webcast, “You’ve got the title – Information Security Officer, Now What?”. Our I.T. regulatory compliance team of experts will focus on the responsibilities for the ISO. Topics will include:
- The “top ten” most important duties of the ISO
- What to include in the annual report to the Board of Directors
- How to effectively train all employees on information security awareness
- The politics of the role of ISO
- Anticipating the future of information security compliance
This presentation is part of a series of quarterly I.T. regulatory compliance webcasts scheduled in 2006.
For more in-depth coverage of what an ISO is and their responsibilities, attend one of our ISO training classes. In addition to learning how to be an effective ISO, you will define objectives of a written Information Security Program based on the requirements outlined in Section 501(b) of the GLBA and the FFIEC guidelines for Information Security.
For more information, go to www.gladiatortechnology.com and see Technology and Management Training for registration information.