IT Examiner School, Palm Springs, CA

Information Security - Risk Mitigation

• Policies and Procedures
• Control Types/Implementation
• Inventory and Classification of Assets
• User Security Controls
• Physical Security
• Change Management Within IT Environment
• End-of-Life Management
• Application Security
• Database Security
• Encryption
• Log Management
• Malware Mitigation

Information Security – Policies and Procedures

Board-approved Written Policies (Required by GLBA)
• Address key areas such as personnel, physical and logical security, change management, strategic planning, and business continuity.
• Depth and coverage of IT operations policies will vary based on institution size and complexity.

Procedures describe the processes used to meet the requirements of the institution's IT policies.
• Do not need to be formally Board approved.
• Written for consistency and continuity.
• Regularly updated as processes, systems, and threats change.
