From payment card fraud to skimming attacks and corporate account takeover, we've seen a wide variety of threats to banking institutions and their customers.
And with the advent of the ID Theft Red Flags Rule, and in the aftermath of the economic upheaval, we know banking regulators are paying closer attention to institutions' information security practices.
So, in light of increased threats and greater regulatory scrutiny, how should a banking institution approach one of its most critical undertakings - the information security risk assessment?
Learn how in this exclusive new webinar. Guided by an experienced banking/security leader, you will receive timely, hands-on advice and new risk assessment tools regarding:
How to build process and strategies to identify and manage risks;
Risk assessment techniques that work - and those that don't;
How to satisfy your regulators' and customers' security and privacy needs and requirements.
As recent events have taught us, information security risks are everywhere for banking institutions:
Internally, where rogue employees can compromise customer data and accounts;
At the ATM, where skimming devices defraud customers;
Throughout the transaction chain, at merchants and payments processors, where crimes force institutions to replace cards and rebuild trust;
On customers' own PCs, where malware steals banking credentials.
Federal banking regulators are clear on what banking institutions must do to ensure information security. The FFIEC IT Exam Handbook states that "A financial institution establishes and maintains truly effective information security when it continuously integrates processes, people, and technology to mitigate risk in accordance with risk assessment and acceptable risk tolerance levels."
But what the FFIEC doesn't tell financial institutions is how to conduct an effective risk assessment.
This webinar is about the "how."
Effective risk management involves effective communication, and the benefits of effective risk communication work both ways. One-on-one risk assessments provide a better method of communicating security awareness. Consequently, increased awareness improves adoption and demand for information risk services.
In this webinar, Steven Jones will discuss the importance of a sound risk assessment methodology as an essential component of a successful information security program. Taking a risk-based approach to information assurance is critical in a widely diverse threatscape and evolving regulatory environment. This session will provide real-world practices on identifying and classifying information assets and relating threats, vulnerabilities and controls to determine risk. This will provide the listener working knowledge of effective prioritization and communication of information risk.
This session will illustrate how to build a process to identify risks, implement a strategy to manage risks, and finally monitor the environment to control risks. Additionally, this conference will demonstrate how a formalized risk assessment process helps to align risk management practices with business strategy and improve risk communication. Attendees also will learn on how to integrate the organization's in-house, as well as outsourced, systems in the overall risk assessment.
Included will be information on tactics proven to work - as well as those that don't.
Prior to taking over information security responsibilities at First Horizon, Jones was director of information security at Synovus Financial. He was responsible for the company's organizational policy, risk management, security awareness, identity management, disaster recovery and other areas of risk management.