Pub. 14 2019-2020 Issue 3

WWW.NEBANKERS.ORG 18

Information Security — continued from page 17

• Training and Testing – Security Awareness Training and Testing should be inclusive of all employees and the board. The board and senior management should be aware of all the related trainings that have been completed, including the testing results with peer comparisons.
• Progress on IT Strategic Initiatives – The board and senior management should understand what actions are being taken to meet the initiatives outlined in the IT Strategic Plan.
• Incidents affecting the organization – The board and senior management should be aware of all recent fraud events, information security incidents, and filings of Suspicious Activity Reports (SARs).
• Changes to ISP-related policies and procedures – All policies need to be reviewed and approved by the board annually.
• New Regulations – The board and senior management should understand the details of all new regulations applicable to the organization and the impact imposed.
• Budget/Staffing – If additional funding or resources are needed to achieve the requirements of the ISP, such resources need to be brought to the attention of the board and senior management.

Upstream Reporting Frequency

The goal is to have information security be a topic at every board meeting and sufficiently documented in board minutes. Keeping information security at the top of decision-makers’ minds reinforces the importance of, and promotes a culture of, security.

Culture Starts at the Top

Information security culture and initiatives must be driven from the top down to truly be successful. If information security is the 5th or 6th priority for an organization, the state of security will be drastically weakened, and initiatives will constantly be reactive. However, if information security is prioritized from the top down, IS initiatives will be properly resourced and the organization will be much more secure and proactive when it comes to security.

For more information, contact David Edwards at 913-225-6382 or david.edwards@sbscyber.com. SBS delivers unique, turnkey cybersecurity solutions tailored to each client’s needs, including risk management, consulting, auditing, network security, and education. Learn more at www.sbscyber.com.
