New FFIEC IT Management Expectations
The FFIEC just released an updated version of its IT Management Booklet.

It provides increased regulatory expectations and responsibilities for management. Additional requirements were established outlining operational and IT risk management practices. Attend this webinar to find out what this means for your bank, your information security program and your next exam.

The FFIEC just released an updated version of its IT Management Booklet. This release is more an overhaul of the regulatory expectations for financial Institutions. Increased expectations have been established for the Board of Directors and newly established security responsibilities for Executive Management. The FFIEC also clarifies a new role for a Chief Information Security Officer.

The change has been made to better align the management booklet with expectations identified in the FFIEC Cybersecurity Assessment Tool, such as requirements for the Board to establish a risk appetite and the CISO to operate the institution within those limits. Additional requirements were also established outlining overall operational risk management and specific IT risk management practices.


This discussion will review the changes to the IT Management Booklet and explore implementation ideas around each new requirement. Specific governance areas discussed will include:

  • Setting board tone and direction
  • Standard board security activities
  • Executive management (CEO, COO, CIO) roles and responsivities
  • CISO oversight and reporting on Information Security Program
  • CISO moves to enterprise wide vs IT specific role
  • Effective risk management structures
  • Comprehensive written Information Security Program
  • Formalizing project management roles
  • Pulling business continuity planning into each business unit
  • Information systems reporting solutions
  • Long range IT strategic planning
  • Integration of strategic planning into risk management
  • Ensuring competent employees

In addition, detailed discussion will build on implementation ideas around operational risk and IT risk management, including:

  • Enterprise risk management relation to IT risk management
  • Detailed analysis of adequate IT risk management processes
  • Risk identification techniques
  • Risk measurement strategies
  • Risk mitigation approach
  • Proper monitoring and reporting methods


Executive Management team members looking to understand organizational structure and roles/responsibilities for each organizational component. Information security officers and operational roles will also gain detailed insight into process improvement for risk management.


Chad Knutson, CISSP, CISA, CRISC, is the co-founder of Secure Banking Solutions (SBS) where he serves as a senior information security consultant and VP of research and development. He is currently the vice president of the SBS Institute. SBS works with more than 500 banks around the country on information security services.

Credit Information

Institute of Certified Bankers: Visit http://www.icbmembers.org/login.aspx for instructions regarding self-reporting. Estimated credits: 2 hours/session


Live Webinar:

Member price: $275.00 | Non member price $550.00

On-Demand Webinar

Member price: $295.00 | Non member price $560.00


Online: Visit the CBA Webinar Catalog

Mail: Click here and mail completed form with check payable to ConferenceEdge to: (Mail at least 10 days prior to event)

1516 Xavier St., Ste 500, Denver, CO 80204

Phone: Call ConferenceEdge at (877) 988-7526 (credit card payments only)

Please Note:

  • Preferred Payment Method: Online
  • Please register online or by phone when paying with a credit card
  • Payment Must Accompany Registration – Invoices are Not Provided

Register online up to day of event. Earlier registration allows time to check your computer for an optimal experience.