Chapter 1 - Beginning
- Intros, Goals, Objectives
- Program Introduction
- Predictions
- Exercise: What are you worried about?
Chapter 2 - Introduction to IS
- Part 364 Appendix B
- IS Triad (as covered in ITEC et al.)
- IS Programs, elements
- Bank IT Evolution
- Bank IS requirements, regulations, resources
Chapter 3 - Banking and Regulatory Compliance
- What are banks scared of?
- Recent Security Events
- Incident and event review
- How do we protect ourselves?
- GLBA
- FACTA
- Governance vs Technology
- Compliant vs Safe
- NIST CSF
- Banking Tech Trends
Chapter 4 - IT Oversight
- Oversight vs Governance
- Governance, Roles, Challenges
Chapter 5 - IS Fundamentals
- Threats
- Components - asset, actor, attribute, action
- Application
- Topics
- Definitions and review
- Vulnerability evolution
- Cyber Kill Chain
- Phishing is #1
- Hacking, examples, tools
Chapter 6 - Security Policy
- CEO / Board questions
- Exercise: Crown Jewels
- Ransomware
- Importance of policy
- Policy as the why
- Standards as the what
- Procedures as the how
- Guidelines as best practices
- Standards
- Documents
- Review / Update
Chapter 7 - Security Management Practices
- Asset management
- Security Controls: Access control
- Security Controls: Encryption & Authentication
- Security Controls: VPNs
- Security Controls: Firewalls
- Security Controls: Device Hardening
- Security Controls: Network Access Control
- Security Controls: Mobile Device Management
Chapter 8 - Vendor Management
- Coutsourcing
- Cloud services
- Generative AI
- Future of AI
- Voice services
- IT other than Core
Chapter 9 - Monitoring and Incident Response
- Ongoing Monitoring
- IDP and IDS
- Host-based vs network-based
- Signature-based vs anomaly-based
- EDR and XDR
- Summary and wrap-up