Loading...

New FFIEC AIO Handbook - Regulatory Expectations

The new AIO Booklet was developed to reflect the changing technological environment and increasing need for security and resilience. This webinar will include an overview of the new booklet and examiner expectations for your architectural design, infrastructure, and operation of information technology systems.

OnDemand
Recorded Wednesday,
August 25th, 2021
Presented by Susan Orr
2.5 CEU Credits
$279.00 or 1 Token

Includes: 30 Days OnDemand Playback, Presenter Materials and Handouts

  • Risk Management/Legal
  • Technology/Security
  • Internal Auditor
  • IT Professional
  • Risk Manager
  • Senior Management

Save on training and share webinar access across your entire organization.

Request more information

Learn about upcoming events, webinars and discounts.

Sign Up For Email Notifications

The new Architecture, Infrastructure, and Operations Booklet was developed to reflect the changing technological environment and increasing need for security and resilience. This webinar will include an overview of the new booklet and examiner expectations for your architectural design, infrastructure, and operation of information technology systems. The AIO Booklet is designed to replace the former IT Operations Booklet that was originally released in July of 2004. As you are aware there have been significant changes in information security over the years so the Booklet was in much need of being updated to reflect the current and emerging environment Banks operate in. Regulatory expectations have steadily increased since 2004 due to the rapid changes in the threat landscape and need for enhance security and controls. Risk management is essential and a key to ensuring the infrastructure is maintained at a level to meet the ever challenging landscape. As the Booklet states, the functions of AIO comprise a variety of activities, such as network and application design within architecture; selection and placement of physical and virtual technologies within infrastructure; and configuration, deployment, and maintenance of the infrastructure that supports the business within operations. In this overview we will discuss the principles and practices the regulators will be reviewing to assess your AIO functions.

Covered Topics

We will follow the flow of the new Booklet as we do an overview of:

  • Architecture, Infrastructure, and Operations Governance
    • Responsibilities
    • Policies, Standards, and Procedures
    • Audit
    • Communications
    • Reporting
  • Data Governance and Data Management
    • Data Identification and Classification
  • IT Asset Management
    • Inventories
    • End of Life
  • Diagrams/Topology
  • Managing Change
  • Remote Access
  • Personally owned Devices
  • Communications
  • Physical Access and Environmental Controls
  • Operations
  • Cloud Computing

Who should attend

IT, Operations, Senior Management, IT auditors, Information Security Officers.

Susan Orr

Instructor Bio

Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise.

As an auditor and consultant, Susan is dedicated to assisting financial institutions in implementing appropriate policies and controls to protect confidential information and comply with regulatory mandates and best practices. Her expertise as an auditor and former examiner provides her the knowledge and expertise to conduct comprehensive IT general control and data security reviews and assist de novo institutions in the vendor selection process, preparing policies and procedures, and instituting controls. She also consults for numerous security providers and vendors helping them align products and services to meet institution regulatory mandates. Susan is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified Risk Professional (CRP).

Credit Information

Recommended for 2.5 CEU Credit Hours. After attending this webinar, each attendee can receive a Certificate of Attendance for self-reporting of CEU Credits.

Print this page