Pub. 9 2014-2015 Issue 2
July | August 2014

No matter which framework is adopted, the first step to a strong cybersecurity program is the acknowledgement of cyber threats and the impact they can have on the bank, immediately followed by bank-wide education of cyber-threat red flags and the coinciding appropriate responses.

A few additional items may be asked of you as well, including your financial institution’s cybersecurity policies, risk assessment, responsible parties, testing program and results, monitoring, incident response and reports, internal controls and vendor controls, all electronic connections, and threat intelligence resources.

You shouldn’t have to completely build a cybersecurity program from the ground up. A lot of this information you already have, but perhaps it’s branded as “Information Security.” This is not a new concept, just a renewed attention to the most swiftly evolving threats facing financial institutions today.

If you’re unfamiliar with the NIST “Framework for Improving Critical Infrastructure Cybersecurity,” here’s a brief breakdown. There are three key phrases you should be familiar with: Framework Core, Framework Implementation Tiers, and Framework Profile.

1. The Framework Core is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors, consisting of five concurrent and continuous functions: Identify, Protect, Detect, Respond, and Recover. This is a strategic view of the lifecycle of an organization’s management of cybersecurity risk. Each function is broken down into categories and subcategories to be assessed.

2. The Framework Implementation Tiers provide context for how an organization views cybersecurity risk and the processes in place to manage that risk. The four tiers, from 1 to 4, are: Partial, Risk Informed, Repeatable, and Adaptive.

3. The Framework Profile is a self-assessment displaying the difference in alignment of the institution’s current core-tier levels with the target core-tier levels. The target profile is based on the business requirements, risk tolerance, and resources of the organization.

Leticia Saiid is a tandem software support specialist for CoNetrix. CoNetrix is a provider of information security consulting, IT/GLBA audits and security testing, and tandem—a security and compliance software suite designed to help financial institutions create and maintain their Information Security Programs. Visit CoNetrix at www.CoNetrix.com.

The Certified Community Banking Incident Handler certification includes lectures with a relevant topic related to common incidents banks face including BYOD, Incident Response Policies, CATO, Malware Analysis, Insider Threats, and data breach response.

The Certified Community Banking Ethical Hacker certification provides attendees with a solid foundation of theory and understanding along with plenty of keyboard experience in running the tools and interpreting the results of penetration testing and ethical hacking.

In the Certified Community Banking Board of Directors certification, directors will learn the key elements of each critical component of an information security program.

The Certified Community Banking Technology Professional certification program provides a deep dive into critical components of an information security program to explore the technical design and implementation of security controls.

The Certified Community Banking Security Professional certification program will enhance each attendee’s skill set and knowledge base in the areas of information security to better demonstrate their abilities for risk management, information security program development, and auditing.

The Certified Community Banking Vendor Manager certification provides attendees with a solid foundation of theory, along with understanding of the third party management process.

233 S 13th St. Ste 700
Lincoln, Nebraska 68501
Phone: 402-474-1555

The SBS Institute serves community banks providing educational programs to certify bankers with the knowledge and skills to protect against today’s information security threats.

Certification Program
Register online at www.nebankers.org