Information security
Board members and managing directors at banks and financial service providers, CISO, outsourcing controlling, risk controlling, compliance, data protection and internal audit
665,-€
- With the seminar, you will receive your certificate as proof of your expertise (e.g. for submission to BaFin)
- Tasks of the Information Security Officer
- Risk analysis to determine the need for IT protection
- Ongoing monitoring duties of the Information Security Officer
Save the Dates
30.09.-01.10.
Munich
Program
9.15 am – 1.00 pm
Tasks of the Information Security Officer
Overview of the range of tasks: Interlocking IT strategy, information security and information risk management
Efficient communication and interface management with outsourcing, data protection and compliance officers
You need to know these “red lines”: meeting the minimum requirements from BAIT, KAIT, VAIT, ZAIT, DIN EN ISO 2700x and BSI-Grundschutz in an audit-proof manner
Introduction of the information security guideline with processes for identification, protection, detection, response and recovery
Establishment of an audit-proof management reporting system
Risk analysis to determine the need for IT protection
Risk analysis in information management
Implementation of the qualitatively tightened risk analysis on the basis of uniform scoring criteria
Assessment of the need for protection with regard to the goals of integrity, availability, confidentiality and authenticity
Benchmarks for drawing up the catalogue of target measures and deriving the risk-reducing measures
Steering and control activities and their implementation
S+P Tool Box
- Organisational handbook for the Information Security Guideline (Length approx. 30 pages)
- Sample reporting for Information Security Officer
- S+P Tool Risk Assessment: Determination of IT protection needs
2.00 pm – 5.00 pm
Ongoing monitoring duties of the information security officer
New requirements for monitoring, control and reporting obligations
The focus on agility places high demands on user authorisation management
Ad hoc reporting on significant IT projects and IT project risks to the management
Mapping of significant project risks in risk management
New requirements for control and reporting obligations of the IT service provider and the outsourcing officer
Establish appropriate processes for IT application development
Delimit outsourcing and other external procurement of IT services in an auditable manner
Data protection concept of the ISB versus deletion concept of the DPO