Events Calendar

Cyber Series Webinar: GLBA Security Expectations, Internal Controls & the Human Factor
Thursday, October 15, 2020, 03:00pm - 04:30pm

Humans, also known as staff, are often the weak link in the cybersecurity chain. This webinar will identify effective controls and best practices to guard against the “human factor.” It will also teach you how to apply the FFIEC’s Cybersecurity Assessment Tool (CAT), why a GLBA risk assessment is needed, and where risk can arise.


  • Effectively use the FFIEC’s Cybersecurity Assessment Tool (CAT) to drive cyber risk control adoption
  • Identify and implement effective controls against the human factor
  • Define the need for GLBA risk assessment
  • Explain and justify controls to reduce email phishing
  • List 10 “best practice” IT controls for financial institutions


Take a deep dive into GLBA expectations and learn how to apply the FFIEC’s Cybersecurity Assessment Tool (CAT) and process to address those expectations. You’ll learn best practice internal controls that are tied back to GLBA expectations for running a safe and sound cybersecurity operation. Case studies highlighting the human factor in the security chain will be emphasized to demonstrate where risky exceptions can arise. This webinar will also address the threats of targeted attacks and phishing/vishing. Examples of publicized breaches and spear-phishing will be examined, such as the compromise of John Podesta’s email from “Gmail” advising he must change his password for security reasons.


This informative session is designed for IT steering committee members, information security officers, auditors, and compliance officers.


  • Top 20 information technology controls checklist
  • IT risk assessment template
  • Sample policies
  • Website links for additional reference material
  • Employee training log
  • Interactive quiz

SPEAKER:  Randall J. Romes, CliftonLarsonAllen LLP

Randy Romes has been a cybersecurity consultant at CliftonLarsonAllen since 1999 and brings a strong background in computer technology, physics, and education. As a Principal in the Information Security Services and Financial Institutions groups, Randy leads a team of technology and industry specialists and is responsible for the continuing development of the open-source, Unix, and Windows applications used in security audits.

Randy has been involved in developing numerous leading-edge hacking/testing methods and security service offerings. A featured speaker at national information and security management conferences, Randy holds multiple certifications, a Master’s in Educational Technology from the University of Saint Thomas, and a Bachelor’s in Education from the University of Wisconsin – Madison. In addition, he is an instructor at the Graduate School of Banking at the University of Colorado in Boulder.