Building Your IT Risk Management Program (Workshop)
Examiners have made it clear: if your management team understands the risk exposure of information and technology to your bank, you are definitely heading in the right direction. If risk is considered in all technology decision making, an effective IT risk management process has been implemented.
The standards themselves call for a risk assessment of all information assets. Beyond creating an inventory of assets, identifying threats and vulnerabilities, and assessing risk mitigation techniques, an effective risk management program puts the organization on guard in real time, in a manner that avoids threats and vulnerabilities as much as it mitigates the unavoidable risks or unpredictable problems.
Dan Hadaway, Managing Partner of infotex, will cover the following:
- The FFIEC Standards and Effective Risk Management Strategy
- The Importance of Permeation
- The Meaning of Multi-Disciplinary
- Formal Risk Measurement Requirements (Vendor, Project, Infrastructure, Physical, GLBA, MFA)
- Risk Metrics
- Risk Measurement Process
- Risk Measurement Tools (Technical and Non-Technical)
- Breakout Sessions
- Asset Inventory
- Asset Criticality Analysis
- Vendor Risk Threshold Analysis
- Project Risk Threshold Analysis
Is this New?
If you’ve attended Dan Hadaway’s previous workshops on IT Risk Assessment, this one differs because it:
- Presents a new, asset-based method of analyzing information security risk.
- Emphasizes methods to involve “all four corners of the bank” in the risk management process.
- Focuses breakout sessions on real-time risk management as well as RFP, new project, and reactive risk measurement techniques (whereas the last workshops focused on the annual risk assessment).
For more information on this very informative workshop or to register: Building Your IT Risk Management Program
