Information security policies and procedures are the cornerstone of any information security program - and they are among the items that typically receive the greatest scrutiny from examiners and regulators. Cursory, disconnected or poorly communicated security policies will fail and likely drag down the overall information security program with them.
Register for this webinar to learn:
How to ensure your policies map to your own institution's risk profile;
How to structure your policies and presentations to senior management and board members;
The basics of information security policies and what they must cover.
Information security policies and procedures are the cornerstone of any information security program - and they are among the items that typically receive the greatest scrutiny from examiners and regulators.
But beyond satisfying examiners, clear and practical policies and procedures define an organization's expectations for security and how to meet those expectations. With a good set of policies and procedures, employees, customers, partners and vendors all know where you stand and where they fit in re: information security.
The key to creating effective policies and procedures is to start with a solid risk assessment, and then follow a measured program that includes:
This webinar is designed for IT professionals, risk managers, auditors or compliance officers who are responsible for writing, approving or reviewing security policies or procedures.
It's a daunting task to create effective policies and procedures, and it's ongoing work to monitor and maintain them. But in this age of endless information security threats, please remember: Policies and procedures aren't just a "nice to have" - they're a must.
Former Dir. Information Security Risk Management, First Republic Bank
Bill Sewall is an Information security, compliance and risk management specialist with 30 years experience as a corporate attorney and general counsel, CIO, information security officer, and operational risk manager.
Prior to First Republic Bank, Sewall spent 10 years as a senior executive information security officer in Citigroup, including management of the IS training and awareness program and responsibility for the Citigroup IS Policy and Standards.
Over the course of his career as a business manager, he has built data centers, lead development and systems groups and managed audit and assessments in such areas as GLBA, SOX and Basel II.