
The IT Governance Tour!

By Vigilize | Monday, December 19, 2016



Note: all dates are tentative and are in Eastern time zone (EDT/EST)!

Wanna know where infotex is going to be teaching this year?  Let us know which topics you would like to see!


Full 2018 Schedule

JUN 20
10 AM

EOBL-MBA-ILFI Joint Conference on Mackinac Island!
Cyber sanity While Watching for Sick Birds

Using the metaphor of a Canary in a Coal Mine, this humorous presentation leverages the insane practices we see in publicly chartered data breaches as teachable moments to highlight the role that management should play in Cybersecurity. At a minimum, this role should be to help us avoid the insanity we have seen in breach responses ranging from Target to Equifax. While intended for Directors, this talk delivers a list of practices we are still deploying in banking today which may be as insane as what we’re seeing in the well-publicized breaches.

Registration Coming Soon!

JUN 27-28

The Chesterton Event
From establishing the security culture to vulnerability assessments and information security reporting, Day One of this two-day event is meant for the “more technical” of our friends. From insurance review to incident response planning to an afternoon of golf, day two is meant for the more nontechnical (or the more athletic!) of our friends. The event planning is still in process, but if you would like to join us, please email [email protected].

JUL 17
10 AM

Down and Dirty Vendor Management
Based on what he is finding in reviews of several audits where Clients talked us into accepting shortcuts, Dan will review at least three five seven far-reaching shortcuts (that your auditor and/or examiner MAY agree with).

Registration Coming Soon!

JUL 19
10 AM - 3 PM

Cybersecurity Basics for Non-Technical Bank Management
Do you have confidence in your role in cybersecurity as outlined by the regulators? Do you understand where cyber risk intersects the risk you manage? Do your committee members understand your bank’s cybersecurity posture, and more importantly, how committee objectives plug into it?
While your technical team is busy fighting the fight against cybersecurity threats, how can Management ensure they lend the appropriate support? What simple practices can we adopt to ensure persistent audit readiness?

Register Today!

AUG 21
10 AM

What to look for in a SIEM
You’re needing to find a SIEM and you’re a small organization. Your jaw still hurts from how hard it hit the ground when you found out how much time and effort goes into setting up your own SIEM. And that was before they gave you the price. And meanwhile, every time you ask a vendor what a SIEM is, you get a different answer. This webinar will try to look at a SIEM from the ground up . . . why it is important to have in place, what the Cadillacs can do, what makes sense from adoption philosophy (early majority, later majority, laggard) planning perspectives. And . . . what does it need to do currently for small organizations.

Registration Coming Soon!

SEP 18
10 AM

Insurance Review Iteration #2
An unlikely question being placed on the desk of many Information Security Officers: How do you know you are properly insured? Dan will help us answer the question: What questions should be asked when you prepare to transfer risk (acquire Cyber Insurance or other types of Insurance)?

Registration Coming Soon!

OCT 16
10 AM

Disaster Planning Meets Awareness Training Meets Risk Monitoring
Integrating the Technical with the Nontechnical Aspects of Incident Response Planning. Case studies back up the need for a monthly Incident Response Team process.

Registration Coming Soon!

NOV 20
10 AM

Technology Planning
Our annual webinar on the subject will be focused on a simplified process for small institutions, and provide starting point boilerplates for documentation. Feel free to invite your entire technology committee!

Registration Coming Soon!

DEC 18
10 AM

Training Your Incident Response Team – The CAT MAIT Almanac
Start planning for easy ways to Train Your Incident Response Team in 2017. Dan will run through an almanac of CAT statements and suggest how existing guidance can be leveraged. http://my.infotex.com/the-movie-for-all-bank-employees

Registration Coming Soon!

JAN 15
10 AM

From Yes/No to Maturity Scales – A New Audit Paradigm
One of the highest likelihood attacks we face as community-based banks is the pretext call. Resolving the issue is both difficult and time-consuming. This webinar, which will be the basis of a movie meant for all users, will define the problem, the solution, and (for ISOs) how we can teach our employees to implement the solution.

Registration Coming Soon!

Have a suggestion for an upcoming topic? Send your idea to [email protected]


MOVIES 

Asking Out of Wallet Questions  
Watch Recorded Webinar
One of the highest likelihood attacks we face as community-based banks is the pretext call. Resolving the issue is both difficult and time-consuming. This webinar, which will be the basis of a movie meant for all users, will define the problem, the solution, and (for ISOs) how we can teach our employees to implement the solution.

The Movie for all Bank Employees 
Watch Recorded Webinar

Cybersecurity for the Board 
Watch Recorded Webinar
Training for the Board of Directors.

Top Seven Risks in 2018 (and M-7)
Watch Recorded Webinar
Each year Dan and his team assemble a “Top Seven Risks List” which Dan uses in his board presentations. In this webinar, Dan will review the top risks that information security officers of small financial institutions will be focused on in 2018.

Vigilize This! – Cybersanity and the Incident Response Program
Watch Recorded Webinar
Dan just found out this webinar is on his birthday, so he’s planning on an “outside-the-box” webinar. Dan (and others if necessary!) will be presenting the Equifax breach using the infotex boilerplate for the Incident Response Log as a framework.

Technology Planning
Watch Recorded Webinar
Our annual webinar on the subject will be focused on a simplified process for small institutions, and provide starting point boilerplates for documentation. Feel free to invite your entire technology committee!

You Asked For It
Contract Review: A Drill-Down for Those Brave Enough!
Watch Recorded Webinar
In June we delivered a webinar called “What Do We Tell Those Poor Vendor Owners,” which was about simplifying the vendor management guidance so that your vendor owners can understand the big picture of what needs to happen, and reduced a contract checklist to four basic promises. The movie for that webinar is now available. But after the webinar, we received several requests to “drill down on that contract checklist.” This is that drill down.
Watch Video

Expected Controls:
How to Review a SOC-1 or Two, Part Two!
Watch Recorded Webinar
While the AICPA has been busy updating the SSAE-16 to an SSAE-18, we’ve been busy figuring out how to review the deliverables, regardless of the specifics of the approach taken. And we have one problem with the whole process: how do you know the vendor has tested the controls you would expect? This webinar is a drill-down on “How to Review a SOC-1 or Two.”

What to Look for in a SIEM
Watch Recorded Webinar
You’re needing to find a SIEM and you’re a small organization. Your jaw still hurts from how hard it hit the ground when you found out how much time and effort goes into setting up your own SIEM. And that was before they gave you the price. And meanwhile, every time you ask a vendor what a SIEM is, you get a different answer. This webinar will try to look at a SIEM from the ground up . . . why it is important to have in place, what the Cadillacs can do, what makes sense from adoption philosophy (early majority, later majority, laggard) planning perspectives. And . . . what does it need to do currently for small organizations.

Four Primary Risk Management Goals of a Contract
Watch Recorded Webinar
So you’re in a big hurry and you just want to quickly check if a contract passes muster. While your examiner might not like it, you have decided that you’re going to play the 80/20 rule. You have documented rationale . . . you don’t want to spend too much time in contract review if the assurance review fails, but you have to know if the contract has basic provisions before you want to spend any time on the assurance review. You realize that your auditors and examiners will want to see a more thorough review if you DO pull the trigger, but you need to break through a chicken/egg regularity with new vendor due diligence: the contract and the assurance. So if, in a down-and-dirty contract review, you could find 80% of what really reduces risk, maybe you can save a lot of time by ignoring the other 20%, which is about 80% of the time it takes to review a contract. This webinar will talk about a prioritized approach to contract review that . . . . warning . . . may not be completely endorsed by your regulator. (But will at least get you to a quick decision as to whether it is worth pursuing the other elements of vendor due diligence.)

Canaries in a Coal Mine
Watch Recorded Webinar
As auditors who also watch networks as an MSSP, we see many leading indicators of breaches. This webinar will review both the “dead birds” . . . phenomena that means you’ve already been hacked . . . and the “sick birds,” phenomena that, if not fixed, will lead to a successful breach in your organization.

Password Management Controls
Watch Recorded Webinar
Authentication . . . one of the most important controls on our network . . . is often undefined, primarily because there is no good starting point. While most of us are big on documented password policies, the technical enforcement of nontechnical password policies remains a mystery to those outside network management. In this free webinar, Dan will review what we should document, what should remain undocumented, ways to address “shared credentials,” and . . . most importantly, reveal a free boilerplate that will get you started on documenting your own Password Management Procedure.

Decision Trees as a Training Tool
Watch Recorded Webinar
So you’ve assembled your Incident Response Team, you’ve done the Plan Walkthrough, you’ve even tested the team a couple of times with tabletop testing. Now what? Join us for this free webinar as Dan provides a handy training . . . . and if you’re a large institution, planning . . . . tool!

Insurance Review Iteration #2
Watch Recorded Webinar
An unlikely question being placed on the desk of many Information Security Officers: How do you know you are properly insured? Dan will help us answer the question: What questions should be asked when you prepare to transfer risk (acquire Cyber Insurance or other types of Insurance)?

How to Review the SOC One or Two!
Watch Recorded Webinar
How do you know which user control considerations require follow-up? The SSAE-16 Review Checklist helps you organize your approach, make sure it is risk-based, and properly communicate resulting risk from the vendor due diligence process. An Excel spreadsheet, this checklist includes all the appropriate questions that must be asked during an SSAE-16 review, with an easy risk ranking metric that will allow you to compare all critical vendors.

Data Flow Diagramming
Watch Recorded Webinar
If you’ve performed your Cybersecurity Assessment you’re probably wondering, “what is this data flow diagramming thing, why have my auditors never asked me for it, and how do I do one for my bank?” Join us as we run down the answers to those three important questions!

Incident Response in the World of CAT Domains Two, Three and Five
Watch Recorded Webinar
Are you through your cybersecurity assessment first iteration and wondering what the heck you’re going to do about a handful of statements related to incident response? Join us for this free one hour webinar that helps connect the dots from what you’re already doing to what you need to do as it comes to baseline and evolving incident response statements.

CAT NIP – Drilling Down on the CAT Incident Response Statements
Watch Recorded Webinar
So we’ve identified the dozen or so statements, in the Cybersecurity Assessment Tool, that we aren’t proud of. And many of them are about incident response. This webinar will drill down on one of the more prevalent deficiencies with smaller banks:
Testing Your Incident Response Plan
Learn how to fulfill the loose guidance about incident response testing in a manner that delivers value. Deliverables will include templates for a Test Plan, Test Minutes, and Post-mortem review, as well as discussion of sub-scenarios, tabletop test practices, and how to get incident response testing from your existing audit plan.

Cyber Insurance – The Questions that You Should Ask When You Transfer Technology Risk!
Watch Recorded Webinar
An unlikely question being placed on the desk of many Information Security Officers: How do you know you are properly insured? Dan will help us answer the question: What questions should be asked when you prepare to transfer risk (acquire Cyber Insurance or other types of Insurance)?

Awareness in All Directions
Watch Recorded Webinar
Back to the rest of Technology Risk Management, through IT Governance . . . . whether your most likely threat is cyber or non-technical pretext calling, no matter where the risk falls, the number one control that takes care of everything else is Awareness. A three-sixty summary of Awareness in All Directions . . . Board awareness, so that the entire company stays on the same page. Management awareness, so you ensure appropriate control enforcement. Technical awareness, so you learn mitigation controls to bring unacceptable inherent risk to acceptable (usually low) residual risk. And, of course, User Awareness, so that all users of technology and information enforce user controls. Dan will kick off a four- or five-part series about the four corners of awareness in “Awareness in All Directions.”

Disaster Planning Meets Awareness Training Meets Risk Monitoring
Watch Recorded Webinar
Integrating the Technical with the Nontechnical Aspects of Incident Response Planning. Case studies back up the need for a monthly Incident Response Team process.

Technology Planning
Watch Recorded Webinar
Our annual webinar on the subject will be focused on a simplified process for small institutions, and provide starting point boilerplates for documentation. Feel free to invite your entire technology committee!

Training Your Incident Response Team – The CAT MAIT Almanac
Watch Recorded Webinar
Start planning for easy ways to Train Your Incident Response Team in 2017. Dan will run through an almanac of CAT statements and suggest how existing guidance can be leveraged.

Incident Response Testing – What to Expect
Download
This presentation is intended for those who are planning to participate in an infotex incident response test. Please let us know what questions you have when we have our Plan Walkthrough and Test Plan Approval meeting!

Legal Disclaimer
Watch Video
All presentations on this page come with this disclaimer!

Audit Expectations
Watch Video