Incident Response Plan Training

RELEASE DATE: SEPTEMBER 23, 2024
ESTIMATED DURATION: 60 MINUTES

When it comes to a security event or breach, it isn’t a matter of “if” but “when”. No one is immune, no one is 100% secure. Any breach regardless of the type or size can be potentially devasting and the catalyst for breaches continuing to emerge and intensify.  Phishing, Ransomware and BEC are considered one of the top cybersecurity attack vectors and affect all industries as well as single individuals.  To assist the threat actors we now have Ransomware as a Service (RaaS), a pay for use malware furthering the ease of unleashing ransomware.   And if all that isn’t enough, business email compromise (BEC), another damaging form of cybercrime has exploded on the scene. The outcome of an attack can result in huge financial losses but that isn’t the only concern, what about reputation risk?

Financial institutions are particularly vulnerable by the very nature of the business. You have information that thieves want, information they can parley into cold hard cash, if not the cash itself. Your incident response plan should provide confidence that you have the right personnel and procedures in place to deal effectively and timely to s a security breach.  Not to mention the financial services industry is mandated to implement security controls and a framework for identifying potential risks, monitoring for and detecting unauthorized access mitigating the outcome, effectively responding to the event, and notifying customers, law enforcement and regulators when it does happen. Be sure that examiners will be looking at your Plan.

The incident response plan shouldn’t be just a checklist. You need well thought out detailed procedures/response steps that have been practices and tested to ensure you are as prepared as you can be when a security breach happens.

Objectives:

• Understanding the need for an incident response plan
• Developing a comprehensive incident response plan

MEET THE SUBJECT MATTER EXPERT

Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise. During her 14-year tenure as an examiner, Susan held numerous lead positions including Regional IT Examination Specialist, Special Assistant to the Regional Director, Special Assistant to the Director of DSC, and Special Assistant to the Vice Chairman of the FDIC. Susan was also a lead instructor for the FDIC’s technology school and was instrumental in key industry initiatives such as the FDIC E-Risk Strategic Initiatives Risk Monitoring Committee, the Chicago Region Interagency Technology Group, and the Federal Financial Institutions Examination Council (FFIEC) IT Handbook rewrites.