Quick Contact
Get in touch and see how Risk Reward can help you
Our London team are ready to answer questions, provide information & choices to help make your public seminar booking in a prompt, professional & friendly manner.
Shop
Popular
Singapore, Hong Kong, Kuala Lumpur, Taiwan Time Zones
CPEs:
24
Instructor:
Dennis Cox
Level:
Intermediate
Tuition:
£3,495.00
NEW Auditing Information Security Risk in Banks & Financial Institutions IA093
Location: Singapore, Hong Kong, Kuala Lumpur, Taiwan Time Zones
Duration: 3 days/24 hours
Programme Director: Dennis Cox
All Dates & Locations
Venue Details
Experience the highly-interactive expert-led social learning through Virtual Classroom via Cisco WebEx from Risk Reward.
All our 2023 Virtual Classroom events feature shared (or discrete) live chat between delegates and the expert, participate in topical surveys, polling questions, group exercises and case studies for a tried -and- true engaging and gratifying learning experience.
"[Course] offers a fresh perspective on processes and controls. Reorganising our thinking process as to how to map out the controls and clarifying ownership in risk management and audit."EFG Hermes, Egypt
Agenda Highlights
Session 1: Information Risk
Session 2: Information Risk Management Strategy
Session 3: Auditing the Information Security Framework
Session 4: Auditing the Monitoring of Information Risk
Session 5: Auditing Information Security
Session 6: Auditing Incident Management
Session 7: Auditing the Management of the Information Risk Programme
"This IT audit program met all our expectations and was quite enjoyable as well."Internal Audit Manager, First Rand Bank, South Africa
Overview
This 3-day How to Audit InfoSecurity in a Bank course will describe the strategic, tactical and operational requirements for managing information risk and security within the banking industry.
Focused on all of the key elements of the risk and control structure that are applied in practice and addresses the audit approach to be adopted.
Uniquely featured are the live, in-the- virtual classroom development of numerous practical audit programmes which will enable delegates to apply immediately in practice within their organisations.
"Excellent programme bringing the risk and internal auditors together to upskill in [these] risk areas. Thank you and well done."Chief Auditor: Nedbank, Capital & Risk, Nedbank, Sandton, South Africa
Who Should Attend
This course is designed for bank internal auditors, and recent delegates included those from risk management, operations and security team members and management.
Additional Course Information
What Does It Cover?
Information Risk
- What is information risk management?
- Why is it of particular importance now?
- Corporate governance and management issues
- Measuring and prioritising information risk
- Key risk elements of information risk management
- Policy and procedures in information risk
- Information risk and operational resilience
- Where are the key elements of information risk within banking?
- How are they currently managed?
- Cybersecurity and Information Risk
Case Study: Review a series of existing structures within banking for the management of information risk
Information Risk Management Strategy
- Managing complexity
- Reference architectures
- Why strategic information risk programmes fail and how to avoid failure
- The holistic approach
- Developing enterprise security architectures
- Strategy and concept phase
- Design phase
- Implementation phase
- Operational phase – management and measurement
- What is really under your control?
Case Study: Develop an audit program to address Information risk management strategy
Auditing the Information Security Framework
- The role of systems engineering
- Basic systems design concepts
- The system boundaries and its environment
- Sub-system decomposition
- Control systems and advanced systems modelling techniques
- Business process analysis
- Dependency tree modelling
- The information register
- Identifying critical information
- Storage and BCP
- Considering third parties
Case Study: Develop an audit program to address the information security framework
Auditing the Monitoring of Information Risk
- Return on investment for information security
- Monitoring and measurement
- The need for metrics
- Measurement approaches
- Scorecards
- Quantitative approaches
- Business drivers and traceability
- Data mining
- Business attributes profiling
- Setting up a metrics framework
- Maturity modelling applied to information security
- Risk reporting
Case Study: Develop an audit program to address information risk monitoring
Auditing Information Security
- Unique entity naming
- Registration
- Public key certification
- Credentials certification
- Directory services
- Information model
- Service naming model
- Service functional model
- Service security model
- Authorisation services
- Entity authentication
- Use authentication
- Device authentication
- Communication security services
- Session authentication
- Message origin authentication
- Message integrity protection
- Message replay protection
- Message content confidentiality
- Non-repudiation
- Traffic flow confidentiality
Case Study: Develop an audit program to address information security
Auditing Incident Management
- Identification of incidents
- Incident assessment
- Analysing the consquences
- Considering the control structure
- Reporting incidents
- Acting to increase resilience
Case Study: Develop an audit programme to address incident management
Auditing the Management of the Information Risk Programme
- Selling the benefits of information risk management to senior management
- Getting sponsorship and budget
- Building the team
- Programme planning and management
- Collecting the information you need
- Getting consensus on the conceptual security architecture
- Architecture governance, compliance and maintenance
- Long-term confidence of senior management
Case Study: Final program highlighting key elements of the work to be conducted.
Learning Objectives
All delegates completing the course will receive a personalised, dated Risk Reward CPD accredited Certificate in Auditing Information Security Risk in Banks & Financial Institutions.
Delegates will gain specialist world- class audit knowledge, techniques and experience of applying learned concepts through the live, in class development of audit programmes and will be able to audit:
- The main information risks that are faced by a large financial services firm;
- The approach taken to managing these risks;
- The information risk management ad security strategy;
- Design architectures, systems and processes to implement the potential strategies
- The key elements of the information security and risk framework
A Tier 1 Global Bank Risk & Internal Audit expert will led group activities and discussion to build the audit approaches and programmes for immediate application in the workplace. Theses include audit programs listed in the What Does It Cover section above.
Social Learning & Methods
Highly interactive expert-led intensive presentation, Q&A, group real-time in-depth case studies, regulation and discussion supported by key principles and theory. The virtual learning platform uses safe, industry preferred encrypted Cisco WebEx to optimize live face-to-face visual interaction, discrete chat, for polling and quizzes.
(An invitation via email with access link is included for all participants.)
Registration
NEW Auditing Information Security Risk in Banks & Financial Institutions
Course Fee
Early Bird Discounts of 10%+ available by May 1, 2021
Course Fee (per person):
GBP £3,495.00 (+ UK VAT when applicable)
Get in touch and see how Risk Reward can help you
Our London and Miami teams are ready to listen carefully to your needs, take the brief, explore options, offer suggestions and help you in a professional and friendly manner.