On January 13, 2021, CU*Answers presented a complimentary web-based educational course for credit unions to assist them in building, implementing, and testing a risk-based information security program. Titled, “Components of an Information Security Program”, participants were guided through the stages of developing a program from risk and technology assessment, asset inventory and classification, controls selection and implementation, awareness and training, ending with plan testing and maintenance.

The content was designed to identify and arrange the mix of components using a puzzle analogy to see how each fits into the whole. “Seeing the big picture, locating the gaps and weaknesses, and understanding how each component works with the others is key to investing wisely and protecting your most vulnerable IT assets,” states Jim Lawrence, VP of Business Continuity and Operations. “A comprehensive information security program is vital in the defense against the threats that financial institutions face today, in light of recent wide-scale cyber breaches and attacks.”

“Much like you would work a puzzle, you begin with your goals and objectives to define the border and scope of your program. Then identify the pieces that provide the appropriate level of protection as determined by your target security posture and risk appetite. No piece is isolated, and each contributes to the finished product, accurately reflecting your operations.”

The course ended with a call to action and list of resources available to assist security professionals at the credit union. Additional complementary courses are offered throughout the year on Business Continuity, Information Security, and Incident Response.