Surviving an FFIEC IT Security Exam

Wednesday, May 10, 2017

12:00 pm – 1:30 pm PT
1:00 pm – 2:30 pm MT
2:00 pm – 3:30 pm CT
3:00 pm – 4:30 pm ET

IT operations and cyber-security risk are two of the top risks to assess in exams. Updated requirements and guidance for the FFIEC IT Examination Handbook (November 2015) and the FFIEC Information Security Booklet (September 2016) have significantly changed expectations for IT and cyber-security exams. This webinar will review case study results from late 2016 and early 2017 regulatory exams to see how financial institutions are successfully implementing the new guidance. Topics will include risk assessment, standards-based change and vulnerability management, and monitoring and breach-response strategies.

Continuing Education: Attendance verification for CE credits is available upon request.


  • How changes to the FFIEC IT Examination Handbook are being applied in regulatory exams, including:
    • Governance of the information security program
    • Information security program management
    • Security operations
    • Information security program effectiveness
  • How to apply the FFIEC Cybersecurity Assessment Tool (CAT), including:
    • Inherent risk profile
    • Program maturity based on understanding controls
  • Examples and resources to support vulnerability management program standards

    • Vulnerability management policies/standards template
    • Resources for defining information systems standards and hardening checklists
    • Employee training log
    • Quiz you can administer to measure staff learning and a separate answer key


This informative session is designed for individuals responsible for information technology, including internal audit, IT audit, IT risk management, and IT operational management.

PLEASE NOTE: Program content is subject to copyright and intended for your individual financial institution’s use only.