IT Examiner School, Seaside, CA

Information Security Program Components

• Board of Directors Involvement

• Risk Assessment

• Manage and Control Risk

• Oversee Service Provider Arrangements

• Program Adjustment

• Report to the Board

• Standards Implementation

Board of Directors

• Approve the program annually

• Oversee development, implementation and maintenance of the program

The following FILs mention consideration of these topics in the annual GLBA board report (FDIC regulated institutions only):

– Instant Messaging (FIL – 84-2004);

– Virus Protection (FIL – 62-2004); and

– Software Patch Management (FIL – 43-2003).
