About Us | Contact Us
View Cart

The IT Governance Tour!

By Vigilize | Monday, December 19, 2016 - Leave a Comment

Webinars, Workshops, and Conferences in 2017!


Note: all dates are tentative and are in Eastern time zone (EDT/EST)!

Wanna know where infotex is going to be teaching this year?  Let us know which topics you would like to see!


Last Topic: Vigilize This! – Cybersanity and the Incident Response Program!
Watch Recorded Webinar!

Current Topic: Top Seven Risks in 2018 (and M-7)  

Next Topic: From Yes/No to Maturity Scales – A New Audit Paradigm   


Full 2017 Schedule

12/19/17 – Webinar –
We will not have a webinar this month.

01/23/18 @ 10AM – FREE Webinar –
Top Seven Risks in 2018 (and M-7)
Registration Coming Soon!
Each year Dan and his team assemble a “Top Seven Risks List” which Dan uses in his board presentations. In this webinar, Dan will review the top risks that information security officers of small financial institutions will be focused on in 2018

02/20/18 @ 10AM – FREE Webinar –
From Yes/No to Maturity Scales – A New Audit Paradigm
Registration Coming Soon!
For years auditors and information security officers have been lamenting “the checklist audit” . . . . the yes/no approach to controls enforcement. Since 2010 Dan Hadaway has been calling for a Capability Maturity Model (CMM) approach to auditing, and was elated to see that the residual risk side of the Cybersecurity Assessment Tool, published by the FFIEC in 2015, adopted the CMM. In this webinar, Dan will discuss the history of the CMM’s adoption, and introduce a methodology for carrying this into our risk assessing and auditing.

03/20/18 @ 10AM – FREE Webinar –
Asking Out of Wallet Questions – The Movie for All Bank Employees
Register Today!                                                                                                    One of the highest likelihood attacks we face as community-based banks is the pretext call. Resolving the issue is both difficult and time consuming. This webinar, which will be the basis of a movie meant for all users, will define the problem, the solution, and (for ISOs) how we can teach our employees to implement the solution. Note that while the webinar and deliverables will be free, the movie, when available, will cost $59.95.

Have a suggestion for an upcoming topic? Send your idea to [email protected]


 

Already Presented 

 

    • Vigilize This! – Cybersanity and the Incident Response Program
      Watch Recorded Webinar
      Dan just found out this webinar is on his birthday, so he’s planning on an “outside-the-box” webinar, Dan (and others if necessary!) will be presenting the Equifax breach using the infotex boilerplate for the Incident Response Log as a framework.
    • Technology Planning
      Watch Recorded Webinar
      Our annual webinar on the subject will be focused on a simplified process for small institutions, and provide starting point boilerplates for documentation. Feel free to invite your entire technology committee!
    • You Asked For It
      Contract Review: A Drill-Down for Those Brave Enough
      !
      Watch Recorded Webinar
      In June we delivered a webinar called “What Do We Tell Those Poor Vendor Owners,” which was about simplifying the vendor management guidance so that your vendor owners can understand the big picture of what needs to happen, and reduced a contract checklist to four basic promises. The movie for that webinar is now available. But after the webinar, we received several requests to “drill down on that contract checklist.” This is that drill down.
      Watch Video
    • Expected Controls:
      How to Review a SOC-1 or Two, Part Two!
      Watch Recorded Webinar
      While the AICPA has been busy updating the SSAE-16 to an SSAE-18, we’ve been busy figuring out how to review the deliverables, regardless of the specifics of the approach taken. And we have one problem with the whole process: how do you know the vendor has tested the controls you would expect. This webinar is a drill-down on “How to Review a SOC-1 or Two.”
    • What to Look for in a SIEM
      Watch Recorded Webinar
      You’re needing to find a SIEM and you’re a small organization. You’re jaw still hurts from how hard it hit the ground when you found out how much time and effort goes into setting up your own SIEM. And that was before they gave you the price. And meanwhile, every time you ask a vendor what a SIEM is, you get a different answer. This webinar will try to look at a SIEM from the ground up . . . why it is important to have in place, what the cadillacs can do, what makes sense from adoption philosophy (early majority, later majority, laggard) planning perspectives. And . . . what does it need to do currently for small organizations.
    • Four Primary Risk Management Goals of a Contract
      Watch Recorded Webinar
      So you’re in a big hurry and you just want to quickly check if a contract passes muster. While your examiner might not like it, you have decided that you’re going to play the 80/20 rule. You have documented rationale . . . you don’t want to spend too much time in contract review if the assurance review fails, but you have to k now if the contract has basic provisions before you want to spend any time on the assurance review. You realize that your auditors and examiners will want to see a more thorough review if you DO pull the trigger, but you need to break through a chicken/egg regularity with new vendor due diligence: the contract and the assurance. So if, in a down-and-dirty contract review, you could find 80% of what really reduces risk, maybe you can save a lot of time by ignoring the other 20%, which is about 80% of the time it takes to review a contract. This webinar will talk about a prioritized approach to contract review that . . . . warning . . . may not be completely endorsed by your regulator. (But will at least get you to a quick decision as to whether it is worth pursuing the other elements of vendor due diligence.)
    • Canaries in a Coal Mine
      Watch Recorded Webinar
      As auditors who also watch networks as an MSSP, we see many leading indicators of breaches. This webinar will review both the “dead birds” . . . phenomena that means you’ve already been hacked . . . and the “sick birds,” phenomena that, if not fixed, will lead to a successful breach in your organization.
    • Password Management Controls
      Watch Recorded Webinar
      Authentication . . . one of the most important controls on our network . . . is often undefined, primarily because there is no good starting point. While most of us are big on documented password policies, the technical enforcement of nontechnical password policies remains a mystery to those outside network management. In this free webinar, Dan will review what we should document, what should remain undocumented, ways to address “shared credentials,” and . . .. most importantly, reveal a free boilerplate that will get you started on documenting your own Password Management Procedure.
    • Decision Trees as a Training Tool
      Watch Recorded Webinar
      So you’ve assembled your Incident Response Team, you’ve done the Plan Walkthrough, you’ve even tested the team a couple of times with tabletop testing. Now what? Join us for this free webinar as Dan provides a handy training . . . . and if you’re a large institution, planning . . . . tool!
    • Insurance Review Iteration #2
      Watch Recorded Webinar
      An unlikely question being placed on the desk of many Information Security Officers: How do you know you are properly insured? Dan will help us answer the question: What questions should be asked when you prepare to transfer risk (acquire Cyber Insurance or other types of Insurance)?
    • How to Review the SOC One or Two!
      Watch Recorded Webinar
      How do you know which user control considerations require follow-up? The SSAE-16 Review Checklist helps you organize your approach, make sure it is risk-based, and properly communicate resulting risk from the vendor due diligence process. An excel spreadsheet, this checklist includes all the appropriate questions that must be asked during an SSAE-16 review, with an easy risk ranking metric that will allow you to compare all critical vendors.
    • Data Flow Diagramming
      Watch Recorded Webinar
      If you’ve performed your Cybersecurity Assessment you’re probably wondering, “what is this data flow diagramming thing, why have my auditors never asked me for it, and how do I do one for my bank?” Join us as we run down the answers to those three important questions!
    • Incident Response in the World of CAT Domains Two, Three and Five
      Watch Recorded Webinar
      Are you through your cybersecurity assessment first iteration and wondering what the heck you’re going to do about a handful of statements related to incident response? Join us for this free one hour webinar that helps connect the dots from what you’re already doing to what you need to do as it comes to baseline and evolving incident response statements.
    • CAT NIP – Drilling Down on the CAT Incident Response Statements
      Watch Recorded Webinar
      So we’ve identified the dozens or so statements, in the Cybersecurity Assessment Tool, that we aren’t proud of. And many of them are about incident response. This webinar will drill down on one of the more prevalent deficiencies with smaller banks:
      Testing Your Incident Response Plan
      Learn how to fulfill the loose guidance about incident response testing in a manner that delivers value. Deliverables will include templates for a Test Plan, Test Minutes, and Post-mortem review, as well as discussion of sub-scenarios, tabletop test practices, and how to get incident response testing from your existing audit plan.
    • Cyber Insurance – The Questions that You Should Ask When You Transfer Technology Risk!
      Watch Recorded Webinar
      An unlikely question being placed on the desk of many Information Security Officers: How do you know you are properly insured? Dan will help us answer the question: What questions should be asked when you prepare to transfer risk (acquire Cyber Insurance or other types of Insurance)?
    • Awareness in All Directions
      Watch Recorded Webinar
      Back to the rest of Technology Risk Management, through IT Governance . . . . whether your most likely threat is cyber or non-technical pretext calling, no matter where the risk falls, the number one control that takes care of everything else is Awareness. A three-sixty summary of Awareness in All Directions . . . Board awareness, so that the entire company stays on the same page. Management awareness, so you ensure appropriate control enforcement. Technical awareness, so you learn mitigation controls to bring unacceptable inherent risk to acceptable (usually low) residual risk. And, of course, User Awareness, so that all users of technology and information enforce user controls. Dan will kickoff a four or five part series about the four corners of awareness in “Awareness in All Directions.”
    • Disaster Planning Meets Awareness Training Meets Risk Monitoring
      Watch Recorded Webinar
      Integrating the Technical with the Nontechnical Aspects of incident Response Planning. Case studies back up the need for a monthly Incident Response Team process.
    • Technology Planning
      Watch Recorded Webinar
      Our annual webinar on the subject will be focused on a simplified process for small institutions, and provide starting point boilerplates for documentation. Feel free to invite your entire technology committee!
    • Training Your Incident Response Team – The CAT MAIT Almanac
      Watch Recorded Webinar
      Start planning for easy ways to Train Your Incident Response Team in 2017. Dan will run through an almanac of CAT statements and suggest how existing guidance can be leveraged.
    • Incident Response Testing – What to Expect
      Download
      This presentation is intended for those who are planning to participate in an infotex incident response test. Please let us know what questions you have, when we have our Plan Walkthrough and Test Plan Approval meeting!
    • Legal Disclaimer
      Watch Video
      All presentations on this page come with this disclaimer!

     


    same_strip_012513


Leave a comment

(required)

(required) [will not be published]

Solve this Captcha * Time limit is exhausted. Please reload CAPTCHA.

Latest News