Compliance Education Seminars
United Computer is happy to announce our new quarterly Compliance Education Seminars. These 1-hour informational webcasts will be offered quarterly beginning in March 2011. The purpose of the seminars is to educate you on the ever changing information security trends, and how financial institutions are meeting their business objectives through these challenges. If you are interested in obtaining a copy of the presentation or more information on upcoming seminars, please contact our Compliance Team.
Compliance Education Seminar - IT Compliance for Financial Institutions
(Wednesday, April 4th, 2012)
Confused with all of the new changes in the area of Information Technology (IT) Compliance? United Computer will help you to gather all of the pieces and put them together by reviewing regulatory requirements. To learn more about IT Compliance for Financial Institutions, the FFIEC guidance surrounding it, and what you need to do to stay ahead of the game, please contact us to view this seminar.
This presentation will provide insight in the areas of:
- Board of Director Oversight Responsibilities
- General Audit Requirements
- Business Continuity
- Network Compliance
- Server Compliance
- Workstation Compliance
- Mobile Compliance
Compliance Education Seminar - Internet Vulnerability Management
(Tuesday, June 28th)
A Recent Survey of 2500 Financial Institutions asked the question “What are the biggest risks facing banks today?” Two of the top four risks stated were Cyber Security and Regulatory Compliance. Internal Vulnerability Assessments (IVA’s) are critical component of your institutions security policy. With new vulnerabilities created daily, it's an important requirement that an organization keeps an updated view of its current security posture. IVA’s are a standard best practice that the FFIEC regulatory agencies require institutions to have policies and processes in place that address this issue. They key purposes of vulnerability assessments are to mitigate risk by:
- Continuously gather and analyze information regarding new threats and vulnerabilities
- Identifying system configuration violations
- Auditing system patches to see how they affected your security posture
- Determining the security impact of a router or switch configuration change
Our first Compliance Education seminar was on Data Classification
(Tuesday, March 15th)
Data classification is an essential part of audit and compliance activities at any institution; publicly traded or privately held. Data classification is the act of placing data into categories that will dictate the level of internal controls to protect that data against theft, compromise, and inappropriate use. When a document, letter, memo, or other piece of information is created, the owner assigns to it a classification level, which among other things, defines the security clearance of individuals that can access that information. An institution’s data classification scheme should include information classifications such as “Confidential”, “Internal Use” and “Public”.