Cyber IT Supervisory Forum eBook

Internal Use Only

Exam Modernization:

Emphasize IT Audits • What Industry Standard has been selected? e.g. NIST, ISO, CIS, CRI, etc. (Avoid regulator developed check lists) • Test the IT Audit (like we test the loan watch list) • Require Audits to use an industry standard

(Proposal Pilot States are Discussing)

WHAT