IT Examiner School

Information Security Program Framework “Each insured depository institution shall implement a comprehensive written information security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the institution and the nature and scope of its activities.”

Information Security Program Framework • Board of Directors • Assess Risk • Manage & Control Risk • Oversee Service Providers

• Adjust the Program • Report to the Board • Implement the Standards