IT Examiner School

ISP Framework - Flexible

 Technology  Sensitivity of Customer Information  Internal or External Threats  Institution’s Changing Business Arrangements  Information security program should reflect current information technology environment & practices

Most Common GLBA Examination Issues  Information Security Program stale/outdated  Risk assessment not updated at least annually  Risk Assessment is IT centric & not enterprise-wide  Inadequate Information Security Report to the Board (or a lack of reporting)  Poor vendor/service provider oversight  Lack of training