IT Examiner School, Providence, RI

Information Security Program Components

• Board of Directors Involvement • Risk Assessment • Manage and Control Risk • Oversee Service Provider Arrangements

• Program Adjustment • Report to the Board • Standards Implementation

Board of Directors

• Approve the Information Security Program annually

• Oversee development, implementation and maintenance of the program

The following FILs mention consideration of these topics in the annual GLBA board report: (FDIC regulated institutions only)

– Instant Messaging (FIL – 84-2004); – Virus Protection (FIL – 62-2004); and – Software Patch Management (FIL – 43-2003).