Hot Issues in Cyber Compliance, Including Recent Changes to the IT Handbook

Wednesday, March 8, 2017

10:00 am – 11:30 am HST
12:00 pm – 1:30 pm PT
1:00 pm – 2:30 pm MT
2:00 pm – 3:30 pm CT
3:00 pm – 4:30 pm ET

The proactive development of a robust and sustained information security program is critically important to the safety and soundness of your financial institution’s operations. Aligned with NIST’s framework and FFIEC’s Cybersecurity Assessment Tool, the amended Information Security Booklet, one of the 11 booklets that make up the Information Technology Handbook (IT Handbook), was updated to “help examiners measure the adequacy of an institution’s culture, governance, information security program, security operations, and assurance processes.”

This webinar will provide a high-level, non-technical overview of FFIEC’s amendments to the Information Security Booklet and how the updates can impact your financial institution’s information security program.

Continuing Education: Attendance verification for CE credits is available upon request


  • Overview of the Information Security Booklet’s examination procedure changes: elimination of Tier I and Tier II procedures, creating a single risk-based safety and soundness examination protocol
  • Information Security Booklet’s alignment with FFIEC’s Cybersecurity Assessment Tool
  • FinCEN’s new cyber-event and cyber-enabled crime reporting expectations and impact on monitoring
  • Overview of FFIEC’s three actionable bullet points to ensure a robust information security program:
    • Support the institution’s IT risk management process by identifying threats, measuring risk, defining information security requirements, and implementing controls
    • Integrate with lines of business and support functions in which risk decisions are made
    • Integrate third-party service provider activities with the information security program
  • White House statement on the report of the Commission on Enhancing National Cybersecurity

  • FFIEC’s Information Security Booklet weblink (September 2016)
  • FinCEN’s cyber-event advisory with frequently asked questions (October 2016)
  • Commission on Enhancing National Cybersecurity report (December 2016)
  • Automated FFIEC cybersecurity assessment tool spreadsheet (FS-ISAC)
  • Template for wire authentication and validation procedures
  • Employee training log
  • Quiz you can administer to measure staff learning and a separate answer key


This informative session is intended for those involved in all aspects of risk management, including information security, risk, compliance, audit, and legal staff, as well as board and audit committee members.

PLEASE NOTE: Webinar content is subject to copyright and intended for your individual financial institution’s use only.