About Us | Contact Us
View Cart

CBAO Workshop: Building Your IT Risk Management Program

By Vigilize | Tuesday, May 29, 2012 - Leave a Comment
Dan Hadaway founded Infotex in 2000 to help banks comply with the then-new Gramm Leach Bliley Act. Since then he has grown the firm to be a leading Managed Security Service Provider (MSSP) that also provides IT Audit services as well as IT Governance consulting. As one of the first to hold a CRISC designation, Dan helped write the review manual for the Certified in Risk and Information Systems Control certification (CRISC), which recognizes professionals for their knowledge of enterprise risk and their ability to design, implement, monitor and maintain information system controls to mitigate such risk. Dan speaks regularly at conferences and conventions, and facilitates an annual IT Security Conference for banks. His often humorous writings have been published in several publications, including Hoosier Banker and BankNotes.

Dan Hadaway Presents at the Community Bankers Association of Ohio

Examiners have made it clear: if your management team understands the risk exposure of information and technology to your bank, you are definitely heading in the right direction. If risk is considered in all technology decision making, an effective IT risk management process has been implemented.

The standards themselves call for a risk assessment of all information assets. Beyond creating an inventory of assets, identifying threats and vulnerabilities, and assessing risk mitigation techniques, an effective risk management program puts the organization on guard in real time, in a manner that avoids threats and vulnerabilities as much as it mitigates the unavoidable risks or unpredictable problems.



The Community Bankers Association of Ohio’s workshop is scheduled for June 12, 2012.
Registrations
are currently being taken for the CBAO workshop.


Building Your IT Risk Management Program: A Risk-Based Approach to Everything
Dan Hadaway, in conjunction with the Community Bankers Association of Ohio, will be presenting our workshop titled Building Your IT Risk Management Program: A Risk-Based Approach to Everything, where he will cover various aspects of risk assessments.

Agenda

  • The FFIEC Standards and Effective Risk Management Strategy
  • The Importance of Permeation
  • The Meaning of Multi-Disciplinary
  • Formal Risk Measurement Requirements (Vendor, Project, Infrastructure, Physical, GLBA, MFA)
  • Risk Metrics
  • Risk Measurement Process and Tools
  • Breakout Sessions
  • Asset Inventory
  • Asset Criticality Analysis
  • Vendor Risk Threshold Analysis
  • Project Risk Threshold Analysis
  • Drill Down Risk Assessments (using Mobile Banking, Social Media, Virtualization, and Authentication as workshop examples)

Deliverables (Templates)
All workshop attendees receive free access to boilerplated policies, procedures, and tools, including drill-down assessments for Mobile Banking, Social Media, and iPad deployment.

Who Should Attend
Though Information Security Officers would of course benefit, this workshop is also directed to bank management, compliance personnel, and information technology managers . . . anyone involved in your bank’s technology oversight process.

About the Speaker
Dan Hadaway CRISC, CISA, CISM

Dan, who is the President of infotex, an Indiana Bankers Association Preferred Service Provider, comes from an entrepreneurial background which gave him his first experience managing the IT governance process in 1984. Prior to founding infotex in 2000, he had overseen software development projects, e-commerce application development, and many network installation projects. He wrote his first Acceptable Use Policy in 1986, and conducted his first Information Technology risk assessment in 1989.

Dan focused infotex on the banking industry in 2003 when he oversaw the acquisition of Paradigm Shift Security. He now works extensively with banks, engaging in projects ranging from IT Audits to Awareness Training to GLBA Compliance Consulting. He tailors his consulting to any size bank, working on simple user-level policies with banks as small as one location, to providing board and management-level regulatory compliance training for Fortune 500 companies. His primary strength is the use of risk management fundamentals to help banks determine where they need to be on the compliance spectrum.


 

Latest News
    How Do We Know What We Know? Making Sure You Can Understand What Happened in an Incident. Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Until I reclined on my front yard, looking at the sky, following the instructions on how not to look […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    President Biden recently signed a bill tasking the agency with evaluating the unique risks that schools face… An article review. Taking note of the unique challenges educational institutions face in securing their networks, President Biden has signed a bill into law directing the Cybersecurity and Infrastructure Security Agency (CISA) to look into ways that they can […]
    Thanks for being interested in our Technology Planning Webinars! This year‘s annual update to our annual Technology Planning webinar will include a panel discussion, a review of the previous years’ movies that are already available, and a discussion about alternative tactics that have arisen from recent conferences as well as the impact of the AIO […]
    Welcome Cybersecurity Conference Attendees! Thanks for joining us for the Cybersecurity Conference today! We have created this page for you to have access to the deliverables from Dan’s talk.  
    What you need to know for compliance coast-to-coast. Back in 2020 we posted an article containing links to data breach laws from each state, and it has proven to be one of our more popular posts.  Because laws surrounding the use (and abuse) of technology are always evolving, we thought it was worth taking another […]
    Why It Rhymes With SEEM (And its Not the I Before E Rule) Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . It’s the Gestalt. The idea that the whole is greater than the sum of it’s parts. That’s not something that is often brought […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    Questions about China’s new disclosure laws only highlight the uncertainty about disclosure in general… An article review. China recently made waves in the security world by announcing a new set of data security laws, one of which has added new fuel to a long running debate: how and when should security vulnerabilities be disclosed…and to […]