IT Examiner School, Providence, RI

Information Security Program Components

• Board of Directors involvement

• Risk Assessment

• Risk Management

• Oversight of Service Provider Arrangements

• Program adjustment

• Reports to the Board

Information Security/GLBA

CFR Part 314 of the FTC Rules and Regulations – Standards for Safeguarding Customer Information

• Requires financial institutions to develop and implement a comprehensive, written information security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the financial institution and the nature and scope of its activities.

• Requires financial institutions to designate an employee or employees to coordinate (or oversee) the information security program.

• Usually met through the formal designation of an Information Security Officer.

• Could be more than one person or even a committee.

• Usually responsible for the day-to-day oversight of the Information Security Program implementation.
