Security incidents are on the rise and there are significant regulatory expectations to have a documented and tested incident response program. ACH fraud, wire fraud, DDoS attacks, ransomware, extortion, hacking, and data leakage attacks are all examples of incidents for which community banks must prepare.
Incident response planning, recovery, and testing are areas of strong focus with regulators and banks. Before an incident, management’s goal is to minimize damage to the institution and customers through containment and restoration. After an incident, how is management required to address unauthorized access to, or use of, customer information? This webinar will address the process banks should use to identify, manage, remediate, and test security incidents. It will include assessing the nature and scope of the incident and identifying what customer information has been accessed or misused, notifying the primary federal regulator and appropriate law enforcement authorities, and filing a timely SAR. The role of digital forensics will be described so you are prepared for a forensic investigation. The session will also provide details on national and state data breach laws that your bank must comply with and provide a step-by-step roadmap to prepare an efficient and effective incident response program.
Recorded Tuesday, November 25, 2014
Continuing Education: Attendance verification for CE credits upon request
- What is a data breach?
- Define unauthorized access to customer data
- When should law enforcement or customers be notified of a data breach?
- What do the regulators want in an incident response program?
- Developing an incident response process
- Incident response testing and policy
- When to file SARs
- How will breach laws affect you?
- How to preserve evidence during a data breach
- What is the role of digital forensics during a security incident?
- How does a penetration test exercise an incident response program?
TAKE-AWAY TOOLKIT
- Sample incident response program policy template
- Employee training log
- Quiz you can administer to measure staff learning and a separate answer key
WHO SHOULD ATTEND?
This informative session is directed to bank presidents, board members, operations supervisors, IT personnel, information security officers, and IT Committee members.
Webinar content is subject to copyright and intended for your individual financial institution’s use only.