Components of a Strong Information Security Program

In 1999, Congress passed the Gramm-Leach-Bliley Act, requiring all financial institutions to have a written Information Security Program (ISP) based on a risk assessment that outlines how each institution is protecting confidential customer information.

ISPs have evolved a bit over the last 20 years, however. Some of the biggest questions we hear about an ISP include: What are the major components of a modern ISP? What’s the most effective way for an ISP to be structured? How does the ISP flow together? Let’s discuss.

Covered Topics

  • Regulatory requirements of an Information Security Program
  • Major Components of an ISP
  • Policies vs. Procedures vs. Standards vs. Guidelines
  • How to write auditable ISP policies
  • Separating out Procedure from Policy
  • ISP Reporting Requirements
  • Building an ISP Framework that can handle anything you throw at it

Who Should Attend?

Information Security Officer, IT Manager, Risk Officer, Internal Auditor, Board members, or other management team members looking to more clearly define the roles of an Information Security Officer to better enable success.