The FFIEC released a revised Cybersecurity Assessment Tool (CAT) in May 2017. The update incorporates mapping to changes in the FFIEC IT Examination Handbook, while also allowing for a greater range of responses that lets institutions describe circumstances that impact controls adoption and/or mitigate risks in other ways. This session will summarize the changes, review case studies using the updated version, and address frequently asked questions related to application of the CAT to common situations.
- Changes in the revised CAT tool
- Compare CAT tool categories and specific controls to other common cybersecurity frameworks, such as the CIS critical controls and NIST security standards
- Case studies of CAT implementation/completion from other financial institutions
- Examples of compensating controls
- TAKE-AWAY TOOLKIT
- References for framework comparisons
- System and application hardening checklists
- Employee training log
- Quiz you can administer to measure staff learning and a separate answer key
WHO SHOULD ATTEND?
This informative session is directed to management, executives, and board/committee members with responsibility for managing or overseeing cybersecurity for your financial institution.
SPEAKER: Randall J. Romes, CliftonLarsonAllen LLP
Randy Romes has been a consultant at CliftonLarsonAllen since 1999 and brings a strong background in computer technology, physics, and education. As a Principal in the Information Security Services Group, Randy leads a team of technology and industry specialists and is responsible for the continuing development of the open-source, Unix, and Windows applications used in security audits.
Randy has been involved in developing numerous leading-edge hacking/testing methods and security service offerings. A featured speaker at national information and security management conferences, Randy holds multiple certifications, a Master’s in Educational Technology from the University of Saint Thomas, and a Bachelor’s in Education from the University of Wisconsin – Madison. In addition, he is an instructor at the Graduate School of Banking at the University of Colorado in Boulder.