About Us | Contact Us
View Cart

Building Your IT Risk Management Program

By Vigilize | Wednesday, June 1, 2011 - Leave a Comment

Dan Hadaway, Managing Partner of infotex, is presenting his workshop titled “Building Your IT Risk Management Program” through the Indiana Bankers Association on Wednesday, June 15th from 9:00 to 4:00 p.m.


Examiners have made it clear: if your management team understands the risk exposure of information and technology to your bank, you are definitely heading in the right direction. If risk is considered in all technology decision making, an effective IT risk management process has been implemented.

The standards themselves call for a risk assessment of all information assets. Beyond creating an inventory of assets, identifying threats and vulnerabilities, and assessing risk mitigation techniques, an effective risk management program puts the organization on guard in real time, in a manner that avoids threats and vulnerabilities as much as it mitigates the unavoidable risks or unpredictable problems.

Agenda Topics

  • The FFIEC Standards and Effective Risk Management Strategy
  • The Importance of Permeation
  • The Meaning of Multi-Disciplinary
  • Formal Risk Measurement Requirements (Vendor, Project, Infrastructure, Physical, GLBA, MFA)
  • Risk Metrics
  • Risk Measurement Process
  • Risk Measurement Tools
  • Breakout Sessions
  • Asset Inventory
  • Asset Criticality Analysis
  • Vendor Risk Threshold Analysis
  • Project Risk Threshold Analysis
  • Drill Down Risk Assessments (using Mobile Banking, iPads, and Social Media examples)

Deliverables
All workshop attendees receive free access to boilerplated policies, procedures, and tools, including drill-down assessements for Mobile Banking, Social Media and iPad deployment.

Is this New?
If you’ve attended Dan Hadaway’s previous workshops on IT Risk Assessment, this one differs because it:

  • Includes drill-down risk assessments for Mobile Banking, Social Media and iPad deployment.
  • Presents a new, asset-based method of analyzing information security risk.
  • Emphasizes methods to involve “all four corners of the bank” in the risk management process.
  • Focuses breakout sessions on real-time risk management as well as RFP, new project, and reactive risk measurement techniques (whereas the last workshops focused on the annual risk assessment).

Who Should Attend?
This workshop is directed to bank management, compliance personnel, and information technology managers . . . anyone involved in your bank’s CIRT or involved in developing information security policies / procedures should attend this hands-on workshop.

Presenter: Dan Hadaway
Dan Hadaway, CISA, CISM, is managing partner of Infotex, Inc, an Indiana Bankers Association preferred service provider in many areas of information technology including Risk Assessments and Information Security Training. Dan speaks regularly at conventions, conferences, and workshops. He is the facilitator of the IBA’s Annual Information Technology Security Conference, and is published in various trade magazines.

Dan has been managing information technology risk since the late 1980’s. He has helped create risk assessment programs for banks ranging in size from 40 million to 2.5 billion in assets.


You can find the registration for and additional information on the Indiana Bankers Association’s website: Building Your IT Risk Management Program


Latest News
    Implementing Protective DNS could help your organization avoid attack… An article review. Noting the risks still associated with the Domain Name System (DNS), the National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) have recently released new guidance on the selection and use of a Protective DNS service (PDNS). The guidance, released in […]
    A Webinar-Movie In 2018 the NCUA started reviewing credit unions with $1 billion or more in assets using a tool known as the Automated Cybersecurity Examination Tool, or ACET. The expansion to smaller credit unions is inevitable. In the new year, credit unions should now think about how they can come into compliance with the […]
    What are the top seven risks your board should know about in 2021? Since his first board presentation in 2000, when Dan presents audit reports to boards of directors, he also talks to the board about the top risks the institution is facing. Since 2006, Dan has been compiling a list of the “top seven […]
    It’s time for another workshop for the technical side of the community-bank. The infotex Team brings you all new topics for 2021! Topics that are jam packed with all the techno-babble that is often lost on management, but is music to the Bank IT Geek’s ears. Time for a workshop where we can turn off the […]
     A Timeline Update as of 02/22/21 An update to our Newest Employee’s FIRST Technical Article Another interim post-mortem review . . . . A Note About Updates: We have decided to leave the original article as it was originally posted and to update this post with any changes that have been made. You can see […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office.  
    A Webinar-Movie The 2020 annual webinar update on the subject will include a review of the previous years’ movies that are already available, and a discussion about alternative tactics that have arisen from recent virtual conferences and regulator panels.
    The cybersecurity industry faces challenges, and some of them may involve your business… An article review. In a world where threats to your organization’s electronic assets are constantly emerging and evolving a cybersecurity insurance policy can help mitigate risk…but what kind of risk does the cybersecurity insurance industry face?  A new article in the Harvard […]
    A Timeline as of 01/24/2021 Our Newest Employee’s FIRST Technical Article Another interim post-mortem review . . . . A Note About Updates: We are leaving this article as is, but for any updates to the timeline, check the Autopsy of the SolarWinds Hack Timeline Update article!      – Vigilize Introduction: As the managing […]
    PRESS RELEASE – FOR IMMEDIATE RELEASE BUSINESS NEWS FORUM AND CONFERENCE NEWS infotex is proud to announce that Dan Hadaway will be moderating a series of IT Forums for the Ohio Bankers League. “We are excited to continue fostering the relationship with the OBL to help educate and keep Risk Management at the forefront of […]