The Role of the Information Security Officer
Friday, August 12th, 2022 10:00 am - 12:00 pm
The ISO is also responsible for seeing that the information/cyber security program is implemented and satisfies the regulatory Interagency Guidelines for Establishing Information Security Standards (GLBA). Once thought of as a technology function, the role was typically delegated to the IT Manager or Officer, but today the ISO is to be independent of IT operations and report directly to the board, a board committee, or senior management. In fact, the independence of the ISO is stated in not just one but two of the FFIEC IT Examination Booklets. The September 2016 Information Security Booklet states “to ensure appropriate segregation of duties, the ISO should be independent of IT operations staff and should not report to IT operations management”. The November 2015 Management Booklet states “the ISO should be an enterprise-wide risk management rather than a production resource devoted to IT operations”.

What You Will Learn
Faculty
Susan Orr
Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise.