International Training & Assistance (ITA)
for Bank Supervisors


IT Supervisory Themes and Emerging Topics, Session 1S.T.R.E.A.M/Technology Lab Courses - The Federal Reserve Bank of Chicago

May 8 - May 12, 2017 (Chicago, IL)

Type of Participant Targeted

IT Supervisory Themes and Emerging Topics (ITSTET) is a one-week course. The course is suitable both for newer examiners looking for some introduction to various IT topics, and experienced examiners who have encountered these issues and could benefit from further collaboration with other examiners.

Prerequisites

None.

Course Overview

This course is designed to highlight emerging topics in information technology in a condensed and discussion-oriented format. Topics include virtualization overview, virtualization work program, cloud computing, cloud computing vendor management, social media risks and controls, mobile banking and risk assessment, "bring your own device (BYOD)," the Federal Reserve's supervisory guidance letter #11-9 concerning authentication in an internet banking environment, and data leak prevention. The class modules are dynamically developed based on evolving IT operational risks and newfound IT exam issues. Therefore, each class may have different focus areas based on latest IT trends.

Course Objectives

Upon completion of this course, the participant, at a minimum, will be able to

  • Demonstrate a basic understanding of IT technology
  • Identify strengths and weaknesses of various technologies
  • Perform fundamental system administration and audit operations
  • Evaluate and report efficiency of various security controls to protect technology operations

Post-Course Intervention

Participants should be provided with opportunities that allow them to identify security capabilities and limitations associated with computer operating systems within a financial institution. They should review security measurements and recommend proper security controls to protect technology operations.

Learning Objectives

Participants develop a solid understanding of various technologies and identify security strengths and weaknesses in an institution's technology environment. Furthermore, participants evaluate the technology and its security measurement by reviewing, auditing, reporting, and recommending proper security controls.

By module, the following learning objectives will be accomplished:

Module Learning Objectives
Supervisory Control and Data Acquisition (SCADA) and the Internet of Things (IoT).
  • Explain the basic concepts of SCADA and IoT
  • Identify the risks associated with SCADA and IoT
  • Recommend the necessary policies, procedures, and controls to mitigate the risks
Virtual Currencies
  • Explain the basic transaction flows of virtual currencies
  • Identify the risks associated with virtual currencies
  • Identify regulatory and examiner touchpoints
Virtualization Overview
  • Explain the basic concept of virtualization
  • Identify the advantages of server virtualization
Virtualization Work Program
  • Explain how to use virtualization work program to conduct virtualization exam
  • Evaluate the controls and processes in the virtual environment
Cloud Computing
  • Explain cloud computing concept
  • Illustrate various deployment models
  • Identify security and compliance risks
  • Evaluate controls to mitigate the risks
Cloud Computing Vendor Management
  • Identify the necessary management process and technical controls in the cloud
  • Review the vendor risk matrix
  • Assess cloud vendor's security and compliance capabilities
Social Media Risks and Controls
  • Understand the social media applications in various forms
  • List the exposures and risks regarding information security
  • Recommend the necessary policies, procedures and controls to mitigate the risks
Social Media Hands-on Labs
  • Explain the social channels such as Twitter
  • Illustrate Internet search with privacy protection
  • Evaluate the management of social media channels
Mobile Banking Risks and Controls
  • Review and discuss mobile banking technology
  • Identify risks and controls
Mobile Banking Case Study- Risk Assessment
  • Explain critical areas impacted by mobile banking
  • Identify financial risks and operational risks associated with mobile banking
  • Evaluate controls to mitigate the risks
SR 11-9 Authentication in an Internet Banking Environment
  • Review the guidelines
  • Evaluate multi-layer authentication implementations
Bring Your Own Device
  • Understand the benefits and risks of BYOD
  • Recommend the necessary policies, procedures, and controls to mitigate the risks

Instructors

This course is developed and supported by a group of instructors with extensive examination experience and expertise in banking technologies. Instructors come from across the Federal Reserve System as well as other regulatory agencies and industry.