Events Calendar

Cyber Series Webinar: Cybersecurity Assessment Tool 2.0 & GLBA Privacy
Thursday, September 10, 2020, 03:00pm - 04:30pm

Get an introduction to the FFIEC’s Cybersecurity Assessment Tool (CAT) as well as resources for assessing cybersecurity maturity. Join us to learn about using the CAT for measuring, tracking, and reporting compliance – and the overlay of GLBA compliance.


  • Understand the circumstances leading to creation of the FFIEC’s Cybersecurity Assessment Tool
  • Explain the different criteria for varying cyber maturity
  • Use mapping tools to compare FFIEC CAT, NIST CSF, and CIS Critical Controls
  • Evaluate your institution’s cyber controls for GLBA compliance by using the CAT process


This webinar will be an introduction to the FFIEC’s Cybersecurity Assessment Tool (CAT) and will delve into its history and evolution, including the change from a binary approach (i.e., control exists or does not exist) to the current assessment of cybersecurity readiness measurement. This introductory webinar will provide an overview of GLBA compliance and application of the CAT tool/process for measuring, tracking, and reporting compliance.


This informative session is designed for IT/cybersecurity management and staff responsible for risk management and internal audit.


  • Resources and reference materials for assessing cybersecurity maturity
    • NIST Cybersecurity Maturity Model
    • Center for Internet Security (CIS) Critical Controls
    • Tools to link and map the FFIEC CAT, NIST Cybersecurity Framework, and CIS Critical Controls
  • Employee training log
  • Interactive quiz


Randall J. Romes, CliftonLarsonAllen LLP

Randy Romes has been a cybersecurity consultant at CliftonLarsonAllen since 1999 and brings a strong background in computer technology, physics, and education. As a Principal in the Information Security Services and Financial Institutions groups, Randy leads a team of technology and industry specialists and is responsible for the continuing development of the open-source, Unix, and Windows applications used in security audits.

Randy has been involved in developing numerous leading-edge hacking/testing methods and security service offerings. A featured speaker at national information and security management conferences, Randy holds multiple certifications, a Master’s in Educational Technology from the University of Saint Thomas, and a Bachelor’s in Education from the University of Wisconsin – Madison. In addition, he is an instructor at the Graduate School of Banking at the University of Colorado in Boulder.

John Moeller, CliftonLarsonAllen LLP

John Moeller, a principal at CliftonLarsonAllen, is focused on serving the technology needs of financial institutions. Over the past 35 years, John has gained extensive experience developing strategic technology plans for financial institutions. He performs technology and vulnerability/risk assessments, controls reviews, and information security and business continuity program development, implementation, training, and testing.

John is a frequent speaker on information security, IT assessments and strategy, CIO outsourcing, and managed IT services. He holds several professional certifications, including Certified Information Systems Security Professional, Certified Ethical Hacker, and EC Council – Certified Security Analyst. He received a bachelor’s in Information Technology from Capella University.