skip to main navigation skip to secondary navigation skip to content
Board of Governors of the Federal Reserve System
skip to content
Board of Governors of the Federal Reserve System

International Training & Assistance (ITA)
for Bank Supervisors

IT Supervisory Themes and Emerging Topics, Session 1S.T.R.E.A.M/Technology Lab Courses - The Federal Reserve Bank of Chicago

Type of Participant Targeted

IT Supervisory Themes and Emerging Topics (ITSTET) is a one-week course. The course is suitable both for newer examiners looking for some introduction to various IT topics, and experienced examiners who have encountered these issues and could benefit from further collaboration with other examiners.

Prerequisites

None.

Course Overview

This course is designed to highlight emerging topics in information technology in a condensed and discussion-oriented format. Topics include virtualization overview, virtualization work program, cloud computing, cloud computing vendor management, social media risks and controls, mobile banking and risk assessment, "bring your own device (BYOD)," the Federal Reserve's supervisory guidance letter #11-9 concerning authentication in an internet banking environment, and data leak prevention. The class modules are dynamically developed based on evolving IT operational risks and newfound IT exam issues. Therefore, each class may have different focus areas based on latest IT trends.

Course Objectives

Upon completion of this course, the participant, at a minimum, will be able to

  • Demonstrate a basic understanding of IT technology
  • Identify strengths and weaknesses of various technologies
  • Perform fundamental system administration and audit operations
  • Evaluate and report efficiency of various security controls to protect technology operations

Post-Course Intervention

Participants should be provided with opportunities that allow them to identify security capabilities and limitations associated with computer operating systems within a financial institution. They should review security measurements and recommend proper security controls to protect technology operations.

Learning Objectives

Participants develop a solid understanding of various technologies and identify security strengths and weaknesses in an institution's technology environment. Furthermore, participants evaluate the technology and its security measurement by reviewing, auditing, reporting, and recommending proper security controls.

By module, the following learning objectives will be accomplished:

Module Learning Objectives
Virtualization Overview
  • Explain the basic concept of virtualization
  • Identify the advantages of server virtualization
Virtualization Work Program
  • Explain how to use virtualization work program to conduct virtualization exam
  • Evaluate the controls and processes in the virtual environment
Cloud Computing
  • Explain cloud computing concept
  • Illustrate various deployment models
  • Identify security and compliance risks
  • Evaluate controls to mitigate the risks
Cloud Computing Vendor Management
  • Identify the necessary management process and technical controls in the cloud
  • Review the vendor risk matrix
  • Assess cloud vendor's security and compliance capabilities
Social Media Risks and Controls
  • Understand the social media applications in various forms
  • List the exposures and risks regarding information security
  • Recommend the necessary policies, procedures and controls to mitigate the risks
Social Media Hands-on Labs
  • Explain the social channels such as Twitter
  • Illustrate Internet search with privacy protection
  • Evaluate the management of social media channels
Mobile Banking Risks and Controls
  • Review and discuss mobile banking technology
  • Identify risks and controls
Mobile Banking Case Study- Risk Assessment
  • Explain critical areas impacted by mobile banking
  • Identify financial risks and operational risks associated with mobile banking
  • Evaluate controls to mitigate the risks
SR 11-9 Authentication in an Internet Banking Environment
  • Review the guidelines
  • Evaluate multi-layer authentication implementations
Bring Your Own Device
  • Understand the benefits and risks of BYOD
  • Recommend the necessary policies, procedures and controls to mitigate the risks

Instructors

The ITSTET course is conducted and supported by a diverse group of professionals, including senior IT examiners, information security specialists, technology architects, and program managers from the Federal Reserve System, FFIEC agencies, state banking supervision departments in the United States, and consulting firms.

Return to topReturn to top

Last update: May 12, 2014