On December 1, 2021, CU*Answers will present an educational webinar for credit unions designed to help them build, implement, and test an effective risk-based information security program. Titled “Elements of an Information Security Program,” participants are guided through the stages of developing a program, beginning with the risk assessment and business impact analysis, asset inventory and data classification, controls selection and implementation, awareness and training, ending with plan testing and maintenance.

The content for the presentation is designed to identify and arrange the mix of components using a puzzle analogy to see how each individual piece fits into the whole. “A program that is effective over time requires an understanding the relationship and cohesion between each component,” states Jim Lawrence, VP of Business Continuity and Operations. “A comprehensive information security program is one where the layers of defense work in harmony to protect the credit union’s most vital assets and prepare them for a prompt and effective response. This is an ongoing effort of coordination and orchestration to shield financial institutions from the ever-changing cyber threats they face each day.”

“Much like you would work a puzzle, you begin with your goals and objectives to define the border and scope of your program,” Lawrence added. “Then identify the pieces that provide the appropriate level of protection as determined by your desired security posture and risk appetite. No piece is isolated, and each contributes to the finished product, accurately reflecting your operations.”

The webinar concludes with a call to action and list of resources available to assist security professionals at the credit union. Additional complementary courses are offered throughout the year on Business Continuity, Information Security, and Incident Response.