The FFIEC Cybersecurity Assessment Tool: Measuring and Interpreting Risks
To help financial institutions assess their cybersecurity preparedness and identify their risks, the Federal Financial Institutions Examination Council (FFIEC) released its Cybersecurity Assessment Tool (CAT) in June 2015. The CAT consists of two parts: the Inherent Risk Profile and the Cybersecurity Maturity. Through the CAT, companies can determine whether their maturity levels are appropriate for their cyber risks, enabling them to take necessary action.
The assessment tool is a complement to, not a replacement for, the company’s cybersecurity program and risk management process. While it was designed for self-assessment, financial institutions still need experienced guidance in undertaking these assessments.
The Knowledge Group has assembled a panel of key thought leaders and professionals to provide the audience with an in-depth analysis and understanding of the FFIEC Cybersecurity Assessment Tool, along with expert insights on how to maximize its benefits.
Key topics include:
- The CAT – An Overview
- Cybersecurity Trends and Developments
- CAT Implementation Challenges
- The Need for Experienced Guidance
- Maximizing CAT Benefits
SEGMENT 1: Alex Hernandez, VP of Customer Solutions
- What is the FFIEC CAT and where did it come from
- What are the components of the CAT (Risk, Domains, Maturity level, etc.)
- What is the process for completing the FFIEC CAT
- Introduction to the DefenseStorm CAT tool
SEGMENT 2: Michael C. Redmond, Lead Strategic Consultant
- What is the role of the Chief Executive Officers and Boards of Directors with regard to oversight and management of the organization’s Cyber Security?
- How can you incorporate the FFIEC Cyber Assessment Tool “Inherent Risk Profile” document into your Cyber Security Risk Assessment to better identify exploitable vulnerabilities?
- What are the Risk Domains that the tool covers? How does this tool help in mitigating Risk by applying controls?
- How to use the Cyber Assessment Tool to comply with the National Institute of Standards and Technology (NIST) Framework.
- After determining your organization’s Maturity level using the Assessment Tool, what is the best way to use the tool to identify the Maturity Level for each Domain?
SEGMENT 3: Dominique R. Shelton, Partner
Alston & Bird LLP
- FFIEC in relation to NIST and other frameworks
- Compliance Suggestions
Who Should Attend:
- Chief Executive Officers
- Chief Financial Officers
- Finance Executives
- Information Technology and Network Managers
- Cyber Security Professionals
- In-house Counsel
- Risk Assessment Managers
- Regulatory Compliance Officers
- Financial Institutions
- Other Interested Professionals
Alex Hernandez brings more than 20 years of experience in providing security solutions to some of the largest companies in the world.
Hernandez is a recognized authority on Internet security, having worked with numerous Fortune 500 companies to design and implement security solutions across email, Web, application and network infrastructures. At DefenseStorm he helps to design and implement solutions that allow financial institutions to unify detection, investigation, reporting, and compliance into a single place to manage cybersecurity data – while also making the daily work of cybersecurity professionals easier, so they can focus on stopping cyber-criminals instead of busy work.
Hernandez is regularly sought after by banking associations and state banking schools across the country to discuss cybersecurity and the evolving threat landscape as it relates to financial institutions, because while banks have similar needs to other corporations, they have unique security needs that present a compelling requisite for a solution that keeps our country’s most sensitive financial data secure from foreign attackers and organized criminals. As an expert in the field of IT and security, he has also spoken at regional and national IT/security conferences, including Interop, RSA and ISSA.
Prior to DefenseStorm, Hernandez worked with several leading security solutions providers, including Barracuda Networks, Purewire, Secure Computing, CipherTrust, S1 and SecureWare.
Michael C. Redmond is Lead Strategic Consultant for EFPR Group’s Information Technology Consulting division. She is also a recognized International IT Consultant, Auditor, Speaker, Author, and Trainer.
Her consulting and auditing experience includes HIPAA, Organizational Resilience, Cyber/Information Security, Business Continuity, Disaster Recovery, High Availability and ISO for clients in the Healthcare, Insurance, Financial and Manufacturing sectors. She has held executive management positions at Deloitte, KPMG, Chubb Services and Redmond Worldwide.
Michael spent four years on active duty with the U.S. Army and an additional 17 years in the National Guard and Reserves. Her assignments include Company Executive Officer, Public Relations Officer and Company Commander. She retired at the rank of Major.
Michael has three books being published in 2017: one on Cyber Security, the second on Business Continuity & Disaster Recovery and the third on Mastering Work Life Balance.
She is certified in Project Management (PMP), Business Continuity Management (MBCI) and (FBCI), and Emergency Management (CEM). Michael is certified as a Lead Implementer for: ISO/IEC 27001 Information Security Management, ISO/IEC 27032 Lead Cyber Security Manager, ISO/IEC 27035 Security Incident Response, ISO 31000 Risk Management, ISO/IEC 22301 Business Continuity Management Systems, ISO/IEC 21500 Lead Project Manager, ISO/IEC 41001 Environmental Management and Foundation Implementer for: ISO 22316 Organizational Resilience, ISO 22320 Emergency Management. She is certified as a Lead Auditor for: ISO/IEC 27001 Information Security Management, ISO/IEC 22301 Business Continuity Management Systems, ISO/IEC 41001 Environmental Management. Michael has a strong Compliance background. She is up to date on ISO, HIPAA, DFS, SOC 1&2, CMS, FFIEC, COOP, COG and more. Michael is a certified instructor for ISO Certification classes.
Dominique Shelton is a partner in Alston & Bird’s Technology & Privacy Group. She is located in the firm’s Los Angeles office. She focuses her practice on privacy, data security and unfair competition. Dominique provides strategic privacy and cyber preparedness compliance counseling on cutting-edge issues such as security, mobile apps, Internet of Things, the Video Privacy Protection Act, Big Data, digital marketing and the cloud. She also leads data breach investigations, defends regulatory actions and provides subject-matter leadership in privacy consumer as well as business to business class action litigation. In 2012, she was named Intellectual Property Lawyer of the Year by the Century City Bar Association. In 2014, she was named one of the Most Influential Lawyers: Digital Media and E-Commerce Law by the Los Angeles Business Journal. In 2014, The Recorder named her as a Leader in Technology Law. In 2015, the Los Angeles Business Journal named her one of the Most Influential Lawyers in White Collar & Cyber Crimes Law. She has also been listed in the 2016 and 2017 editions of The Best Lawyers in America© in the area of Privacy and Data Security Law.
She has litigated privacy and data security matters and has negotiated with regulators such as the California AG and FTC.
Dominique represents Fortune 500 companies, startups and privately held companies across a broad spectrum of industries, including entertainment, health care, finance, digital advertising, retail and telecommunications.
Print and review course materials
Method of Presentation:
Experience in Financial and Cybersecurity Law
NASBA Field of Study: Information Technology - Technical
NY Category of CLE Credit: Areas of Professional Practice
DefenseStorm is a Security Data Platform that watches everything on your network and matches it to your policies, providing cybersecurity management that is safe, compliant and cost effective. Built from the ground up in the cloud, DefenseStorm unifies detection, investigation, reporting, and compliance into a single place to manage cybersecurity data. Formed by bankers and technology experts, DefenseStorm aggregates event data across all cybersecurity tools and links policies to real-time alerts, so that financial institutions can prove to regulators they are both secure and compliant with evolving FFIEC cybersecurity requirements. For more information please visit www.DefenseStorm.com.
About EFPR Group
EFPR Group, LLP is one of Western New York’s largest accounting and consulting firms serving over 10,500 clients across the United States. The firm is headquartered in Rochester, New York with offices in Buffalo, Corning, the Finger Lakes, New York City and Jupiter, Florida.
The Firm’s IT Consulting Division provides a comprehensive suite of IT Consulting and Audit services including Compliance, Policies, Plans, and Project Management. Our areas of expertise include: Information/Cyber Security – Policies, Planning, Documentation, Testing and Exercises, CSIRT, Risk Management – Business Continuity and Disaster Recovery – Risk Assessment, Impact Analysis, Strategic Plans, CTO-for-Hire, Strategic Project Management, and much more.
About Alston & Bird LLP
Founded in 1893, Alston & Bird is a leading national law firm whose core practice areas are intellectual property, complex litigation, corporate and tax, with national industry focuses that include financial services, technology, health care, manufacturing, life sciences and energy. The firm’s attorneys provide a full range of services to domestic and international clients conducting business around the world. Alston & Bird has built a reputation as one of the country’s best employers, appearing on Fortune magazine’s ranking of the “100 Best Companies to Work For” 18 consecutive years, an unprecedented accomplishment among law firms in the United States. The firm has offices in Atlanta, Beijing, Brussels, Charlotte, Dallas, Los Angeles, New York, Research Triangle, San Francisco, Silicon Valley and Washington, D.C.