
The IT Governance Tour!

By Vigilize | Monday, December 19, 2016

Click here for the Webinars.

Click here for the Movies.


Note: all dates are tentative and are in Eastern time zone (EDT/EST)!


Full 2018 Schedule

OCT 16
10 AM

Technology Planning
Our annual webinar on the subject will be focused on a simplified process for small institutions, and provide starting point boilerplates for documentation. Feel free to invite your entire technology committee!

Register Today!

NOV 20
10 AM

Testing your SIEM
 
Given that infotex has been watching networks since 2000, and has been developing a SIEM since 2005, and given that we are IT Auditors, we have a long laundry list of tests for your SIEM.
 
In preparing our talk on SIEMs for the IBA’s Cybersecurity Conference, Dan had a whole section on testing SIEMs that would not make it into the talk. This one hour webinar is that section. Dan will review quality controls you must ensure are in place for your SIEM, and then deep dive into how to test each of those controls.

Registration Coming Soon!

DEC 18
10 AM

Simple as it SIEMs –
Technology Risk Monitoring for School Cybersecurity Professionals (1 hr 15)
 
Having worked as the MSSP of choice for several school corporations since 2003, infotex has developed a posture approach that will ensure our number one deliverable:
 
“Our Clients Sleep at Night.”
 
Dan will review why a school corporation should be using a SIEM, what a SIEM actually is . . . . and then the fun begins as we walk through a SIEM in action, and discuss tuning processes.

Registration Coming Soon!

JAN 15
10 AM

R-7 – The Top Seven Risks – 2019
When Dan presents audit reports to boards of directors, he also talks to the board about the top risks the institution is facing. Since 2006, Dan has been compiling a list of the “top seven risks small institutions are facing,” in preparation for his board presentations.

Registration Coming Soon!

MAR 12
10 AM

Sssshhhhh! (The Employee Risk Assessment!)
When Dan heard this idea by Chad Norstrom of Clifton Larsen Allen, at the 2018 IBA Cybersecurity Conference, he couldn’t stop thinking about it. By conducting an Employee Risk Assessment, we might be able to target security awareness training as well as prioritize both patch management and SIEM escalation.

Dan will review his latest spreadsheet creation in this one hour webinar.

Registration Coming Soon!

MAY 14
10 AM

From Yes/No to Maturity Scales – A New Audit Paradigm
One of the highest likelihood attacks we face as community-based banks is the pretext call. Resolving the issue is both difficult and time-consuming. This webinar, which will be the basis of a movie meant for all users, will define the problem, the solution, and (for ISOs) how we can teach our employees to implement the solution.

Registration Coming Soon!

JUL 16
10 AM

The Ultimate Management Awareness Training Exercise
This will be another “movie within a movie.”  In this webinar, Dan will establish the need for incident response testing as a management awareness training tool.  Within the webinar will be a short ten minute movie you will be able to show to your management team to help justify their participation in your test.

Registration Coming Soon!

SEP 17
10 AM

Disaster Planning Meets Awareness Training Meets Risk Monitoring
Integrating the Technical with the Nontechnical Aspects of Incident Response Planning. Case studies back up the need for a monthly Incident Response Team process.

Registration Coming Soon!

Have a suggestion for an upcoming topic? Send your idea to [email protected]


MOVIES 


Down and Dirty Vendor Management
Watch Recorded Webinar
Based on what he is finding in reviews of several audits where Clients talked us into accepting shortcuts, Dan will review at least three five seven far-reaching shortcuts (that your auditor and/or examiner MAY agree with).

Teaching Out of Wallet Questions  
Watch Recorded Webinar
One of the highest likelihood attacks we face as community-based banks is the pretext call. Resolving the issue is both difficult and time-consuming. This webinar, which will be the basis of a movie meant for all users, will define the problem, the solution, and (for ISOs) how we can teach our employees to implement the solution. This is another of our Movie Within a Movie Webinars, where the longer webinar is meant to help ISOs understand what to do with the shorter movie (see next).

Thirty Minute Version:  Asking Out of Wallet Questions:  The Movie for all Bank Employees 
Watch Recorded Webinar
Do you know how to prove a caller is who they say they are, before giving them sensitive information?

Let’s say it another way: Do you know how to identify telephone callers by asking what the regulators call “Out of Wallet Questions?”

This movie is meant to teach all bank employees how to ask Out of Wallet Questions, and why using them is so important to our customers’ financial health.

Unabridged One Hour Version:  Asking Out of Wallet Questions:  The Movie for all Bank Employees
Watch Recorded Webinar
Do you know how to prove a caller is who they say they are, before giving them sensitive information?

Let’s say it another way: Do you know how to identify telephone callers by asking what the regulators call “Out of Wallet Questions?”

This movie is meant to teach all bank employees how to ask Out of Wallet Questions, and why using them is so important to our customers’ financial health.


Cybersecurity for the Board 
Watch Recorded Webinar
Training for the Board of Directors is hard to conjure up. In this movie, Dan uses his annual R-7 list (see next) as the basis for your 2018 Board of Directors Cyberawareness meeting!  For ideas on how to present this to your board, see the next movie (Providing Board Awareness:  R-7: A Superhero’s Guide to 2018 and Beyond!)

Providing Board Awareness:  R-7: A Superhero’s Guide to 2018 and Beyond!
Watch Recorded Webinar
This webinar is for Information Security Officers who need to “get the board on board!” It walks through the top seven risks community banks face in 2018/2019, from a board perspective, and includes the previous movie (Cybersecurity for the Board). Each year Dan and his team assemble a “Top Seven Risks List” which Dan uses in his board presentations. In this webinar, Dan reviews the top risks that information security officers of small financial institutions will be focused on in 2018. This is another example of our “Movie Within A Movie” concept, where the longer webinar is meant to help ISOs understand what to do with the shorter movie (see previous movie . . . Cybersecurity for the Board!).


Vigilize This! – Cybersanity and the Incident Response Program
Watch Recorded Webinar
Dan just found out this webinar is on his birthday, so he’s planning on an “outside-the-box” webinar. Dan (and others if necessary!) will be presenting the Equifax breach using the infotex boilerplate for the Incident Response Log as a framework.

Technology Planning
Watch Recorded Webinar
Our annual webinar on the subject will be focused on a simplified process for small institutions, and provide starting point boilerplates for documentation. Feel free to invite your entire technology committee!

You Asked For It
Contract Review: A Drill-Down for Those Brave Enough!
Watch Recorded Webinar
In June we delivered a webinar called “What Do We Tell Those Poor Vendor Owners,” which was about simplifying the vendor management guidance so that your vendor owners can understand the big picture of what needs to happen, and reduced a contract checklist to four basic promises. The movie for that webinar is now available. But after the webinar, we received several requests to “drill down on that contract checklist.” This is that drill down.
Watch Video

Expected Controls:
How to Review a SOC-1 or Two, Part Two!
Watch Recorded Webinar
While the AICPA has been busy updating the SSAE-16 to an SSAE-18, we’ve been busy figuring out how to review the deliverables, regardless of the specifics of the approach taken. And we have one problem with the whole process: how do you know the vendor has tested the controls you would expect? This webinar is a drill-down on “How to Review a SOC-1 or Two.”

What to Look for in a SIEM
Watch Recorded Webinar
You’re needing to find a SIEM and you’re a small organization. Your jaw still hurts from how hard it hit the ground when you found out how much time and effort goes into setting up your own SIEM. And that was before they gave you the price. And meanwhile, every time you ask a vendor what a SIEM is, you get a different answer. This webinar will try to look at a SIEM from the ground up . . . why it is important to have in place, what the Cadillacs can do, what makes sense from adoption philosophy (early majority, later majority, laggard) planning perspectives. And . . . what does it need to do currently for small organizations.

Four Primary Risk Management Goals of a Contract
Watch Recorded Webinar
So you’re in a big hurry and you just want to quickly check if a contract passes muster. While your examiner might not like it, you have decided that you’re going to play the 80/20 rule. You have documented rationale . . . you don’t want to spend too much time in contract review if the assurance review fails, but you have to know if the contract has basic provisions before you want to spend any time on the assurance review. You realize that your auditors and examiners will want to see a more thorough review if you DO pull the trigger, but you need to break through a chicken/egg regularity with new vendor due diligence: the contract and the assurance. So if, in a down-and-dirty contract review, you could find 80% of what really reduces risk, maybe you can save a lot of time by ignoring the other 20%, which is about 80% of the time it takes to review a contract. This webinar will talk about a prioritized approach to contract review that . . . . warning . . . may not be completely endorsed by your regulator. (But will at least get you to a quick decision as to whether it is worth pursuing the other elements of vendor due diligence.)

Canaries in a Coal Mine
Watch Recorded Webinar
As auditors who also watch networks as an MSSP, we see many leading indicators of breaches. This webinar will review both the “dead birds” . . . phenomena that mean you’ve already been hacked . . . and the “sick birds,” phenomena that, if not fixed, will lead to a successful breach in your organization.

Password Management Controls
Watch Recorded Webinar
Authentication . . . one of the most important controls on our network . . . is often undefined, primarily because there is no good starting point. While most of us are big on documented password policies, the technical enforcement of nontechnical password policies remains a mystery to those outside network management. In this free webinar, Dan will review what we should document, what should remain undocumented, ways to address “shared credentials,” and . . . most importantly, reveal a free boilerplate that will get you started on documenting your own Password Management Procedure.

Decision Trees as a Training Tool
Watch Recorded Webinar
So you’ve assembled your Incident Response Team, you’ve done the Plan Walkthrough, you’ve even tested the team a couple of times with tabletop testing. Now what? Join us for this free webinar as Dan provides a handy training . . . . and if you’re a large institution, planning . . . . tool!

Insurance Review Iteration #2
Watch Recorded Webinar
An unlikely question being placed on the desk of many Information Security Officers: How do you know you are properly insured? Dan will help us answer the question: What questions should be asked when you prepare to transfer risk (acquire Cyber Insurance or other types of Insurance)?

How to Review the SOC One or Two!
Watch Recorded Webinar
How do you know which user control considerations require follow-up? The SSAE-16 Review Checklist helps you organize your approach, make sure it is risk-based, and properly communicate resulting risk from the vendor due diligence process. An excel spreadsheet, this checklist includes all the appropriate questions that must be asked during an SSAE-16 review, with an easy risk ranking metric that will allow you to compare all critical vendors.

Data Flow Diagramming
Watch Recorded Webinar
If you’ve performed your Cybersecurity Assessment you’re probably wondering, “what is this data flow diagramming thing, why have my auditors never asked me for it, and how do I do one for my bank?” Join us as we run down the answers to those three important questions!

Incident Response in the World of CAT Domains Two, Three and Five
Watch Recorded Webinar
Are you through your cybersecurity assessment first iteration and wondering what the heck you’re going to do about a handful of statements related to incident response? Join us for this free one hour webinar that helps connect the dots from what you’re already doing to what you need to do as it comes to baseline and evolving incident response statements.

CAT NIP – Drilling Down on the CAT Incident Response Statements
Watch Recorded Webinar
So we’ve identified the dozens or so statements, in the Cybersecurity Assessment Tool, that we aren’t proud of. And many of them are about incident response. This webinar will drill down on one of the more prevalent deficiencies with smaller banks:
Testing Your Incident Response Plan
Learn how to fulfill the loose guidance about incident response testing in a manner that delivers value. Deliverables will include templates for a Test Plan, Test Minutes, and Post-mortem review, as well as discussion of sub-scenarios, tabletop test practices, and how to get incident response testing from your existing audit plan.

Cyber Insurance – The Questions that You Should Ask When You Transfer Technology Risk!
Watch Recorded Webinar
An unlikely question being placed on the desk of many Information Security Officers: How do you know you are properly insured? Dan will help us answer the question: What questions should be asked when you prepare to transfer risk (acquire Cyber Insurance or other types of Insurance)?

Awareness in All Directions
Watch Recorded Webinar
Back to the rest of Technology Risk Management, through IT Governance . . . . whether your most likely threat is cyber or non-technical pretext calling, no matter where the risk falls, the number one control that takes care of everything else is Awareness. A three-sixty summary of Awareness in All Directions . . . Board awareness, so that the entire company stays on the same page. Management awareness, so you ensure appropriate control enforcement. Technical awareness, so you learn mitigation controls to bring unacceptable inherent risk to acceptable (usually low) residual risk. And, of course, User Awareness, so that all users of technology and information enforce user controls. Dan will kickoff a four or five part series about the four corners of awareness in “Awareness in All Directions.”

Disaster Planning Meets Awareness Training Meets Risk Monitoring
Watch Recorded Webinar
Integrating the Technical with the Nontechnical Aspects of Incident Response Planning. Case studies back up the need for a monthly Incident Response Team process.

Technology Planning
Watch Recorded Webinar
Our annual webinar on the subject will be focused on a simplified process for small institutions, and provide starting point boilerplates for documentation. Feel free to invite your entire technology committee!

Training Your Incident Response Team – The CAT MAIT Almanac
Watch Recorded Webinar
Start planning for easy ways to Train Your Incident Response Team in 2017. Dan will run through an almanac of CAT statements and suggest how existing guidance can be leveraged.

Incident Response Testing – What to Expect
Download
This presentation is intended for those who are planning to participate in an infotex incident response test. Please let us know what questions you have, when we have our Plan Walkthrough and Test Plan Approval meeting!

Legal Disclaimer
Watch Video
All presentations on this page come with this disclaimer!

Audit Expectations
Watch Video

 

 

