IT Examiner School eBook

Understanding Risks

The approach to implementing a comprehensive Information Security Program and/or framework should vary based on each entity’s unique business risks. These risks differ across the various types of financial institutions (depository and non-depository) based on products and services, size and complexity, and geographic footprint. As examiners, we need a basic understanding of these unique IT-related risks and the commonly observed weaknesses associated with them, so that we can define the scope of each IT examination accordingly and know what to be on the lookout for.

