Princeton, NJ (BankInfoSecurity.com) October 16, 2006 – We count on them for providing the technology we need to secure our enterprises. We count on their products and services to increase productivity and reduce costs. We count on their support and expertise when things go wrong. We know how well the relationship is going. Why then, are the regulators so concerned about third-party oversight?
What does “third party oversight” really mean? What does it entail? Who is responsible for doing it, and what happens when the results do not turn out as expected? This workshop will be looking at this topic from two vantage points – a security practitioner who developed and implemented a plan for a Fortune 500 bank, and a former FDIC regulator who would have evaluated the approach and reviewed the results.
This workshop is going to be presented by Anne Terwilliger and Susan Orr. Anne E. Terwilliger, CISSP is President of Accentuate Security, an information security consulting firm that specializes in the development of information security policies, information security awareness programs, and compliance reviews. Prior to opening Accentuate Security, Anne served as the Vice President for Information Security Policy and Awareness at National City Bank in Cleveland where she developed an information security awareness program for its 33,000 employees... For the three and a half years previous to that engagement, she was the Information Security Officer for the United States and Europe for the Sumitomo Mitsui Banking Corporation in New York In addition to other responsibilities; she developed an international security awareness program for counties in which Sumitomo had a presence. Her twelve years as the EDP Security Officer at the New York Clearing House, where she implemented security controls and an awareness program for CHIPS (the largest private international interbank payment systems in the US) and ACH (US domestic funds transfer system), prepared her well for that assignment. With close to two decades of experience as an information security practitioner, and 27 years of IT experience, Anne is a frequent speaker at security conferences, symposiums, and professional association meetings.
Susan Orr, CISA, CISM, CRP - ex-FDIC examiner. Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise . During her 14 year tenure as a bank examiner, Susan held numerous lead positions including Regional IT Examination Specialist, Special Assistant to the Regional Director, Special Assistant to the Director of DSC, and Special Assistant to the Vice Chairman of the FDIC. Susan was also a lead instructor for the FDIC’s technology school and was instrumental in key industry initiatives such as the FDIC E-Risk Strategic Initiatives Risk Monitoring Committee, the Chicago Region Interagency Technology Group, and the Federal Financial Institutions Examination Council (FFIEC) IT Handbook rewrites. Susan retains close relationships within the FFIEC agencies as well as industry trade groups to stay abreast on new technologies, best practices, and regulatory issues.
For additional information about the BankInfoSecurity.com Vendor Management Online Workshop, please visit: https://www.bankinfosecurity.com/workshop_vm.php.