skip to main navigation skip to secondary navigation skip to content
Board of Governors of the Federal Reserve System
skip to content
Board of Governors of the Federal Reserve System

International Training & Assistance (ITA)
for Bank Supervisors

IT Supervisory Themes and Emerging TopicsS.T.R.E.A.M/Technology Lab Courses - The Federal Reserve Bank of Chicago

Type of Participant Targeted

IT Supervisory Themes and Emerging Topics (STET) is a one-week course. The course is suitable both for newer examiners looking for some introduction to various IT topics, and experienced examiners who have encountered these issues and could benefit from further collaboration with other examiners.  

Prerequisites

None.

Course Overview

This course is designed to highlight emerging topics in information technology in a condensed and discussion-oriented format. Topics include virtualization risks, wireless, voice over IP, remote deposit capture, cloud computing, social media risks and controls, and data leak prevention. The class modules are dynamically developed based on evolving IT operational risks and newfound IT exam issues. Therefore, each class may have different focus areas based on latest IT trends. This course offers 28 credit hours.

Course Objectives

Upon completion of this course, the participant, at a minimum, will be able to

  • Demonstrate a basic understanding of learned IT technology
  • Identify strengths and weaknesses of various technologies
  • Perform fundamental system administration and audit operations
  • Evaluate and report efficiency of various security controls to protect technology operations

Post-Course Intervention

Participants should be provided with opportunities that allow them to identify security capabilities and limitations associated with computer operating systems within a financial institution. They should review security measurements and recommend proper security controls to protect technology operations.

Curriculum Overview

Subject Approximate Class Hours
Virtualization and Risks 5.0
Remote Deposit Capture 3.0
Cloud Computing 3.0
Cloud Computing Vendor Management 4.0
Wireless 3.0
Voice Over IP 4.0
Social Media Risks and Controls 3.0
Data Leak Prevention 2.0
Summary 1.0
TOTAL 28.0*

* Note: The topics and hours may vary from class to class.

Learning Objectives

Participants develop a solid understanding of various technologies and identify security strengths and weaknesses in the technology implementations. Furthermore, participants evaluate the technology and its security measurement by reviewing, auditing, reporting and recommending proper security controls.

By module, the following learning objectives will be accomplished:

Module Learning Objectives
Virtualization and Risks
  • Explain virtualization and its trends
  • Specify virtualization risks and risk controls
Remote deposit capture
  • Illustrate Remote deposit capture landscape
  • Identify related risks and controls to manage the risks
  • Evaluate relevant red flags requirements
Wireless and Hands-on Labs
  • Review and Discuss 802.11n WLAN standard
  • Identify WLAN risks and controls
  • Review wireless IDS application
  • Generate wireless audit reports
Cloud Computing
  • Explain cloud computing concept
  • Illustrate various deployment models
  • Identify security and compliance risks
  • Evaluate controls to mitigate the risks
 Cloud Computing Vendor Management
  • Identify the necessary management process and technical controls in the cloud
  • Review the vendor risk matrix
  • Assess cloud vendor's security and compliance capabilities
Voice over IP( VoIP) and Hands-on Labs
  • Detail VoIP system components
  • Discover various risk areas in a VoIP system
  • Recommend VoIP reviews and exams
Social Media Risks and Controls
  • Understand the social media applications in various forms
  • List the exposures and risks regarding the information security 
  • Recommend the necessary policies, procedures, and controls to mitigate the risks
Data Leak Prevention
  • Assess data leak risks
  • Identify policy, procedure, and risk controls to protect sensitive information

Class Size

The optimum class size is approximately 20 participants. To provide sufficient variety of interaction among class participants, the minimum class size is 10 participants.

Instructors

The STET course is conducted and supported by a diverse group of professionals, including senior IT examiners, information security specialists, technology architects, and program managers from the FRS, FFIEC agencies, state banking supervision departments, and consulting firms.

Return to topReturn to top

Last update: February 16, 2012