|
|
Program |
|
Many of the
presentations offered at the Summit are available here in PDF format. |
Click on the link under
each session title to view. General Sessions
“Enhancing
Your Technology Risk Assessment Practices To Get You Past The Velvet Ropes At
Clubs Around Town”
Joel Lanz, CPA
With technology risk management being the “hot-topic” at parties around town, the popularity of bank technologists has never been greater. With their expertise and experience dealing with IT Auditors, information security, privacy, vendor management and business continuity, and the popularity of these bankers has dramatically increased. With this popularity comes social responsibility and status. However, for many bank technologists, “this moment in time” can disappear once the “beautiful people” at the trendiest clubs start asking you about complying with the recently issued FFIEC Information Technology Handbooks. Will your standing on the “A1 Party List” be jeopardized if you cannot share your ideas on the latest technology risk assessment practices? Or, heaven forbid, what happens if someone from the Audit Department is working as “the bouncer” at your favorite club?
Fear not. In this fast-paced session, bankers will learn the requisite social skills to deal with the latest technology risk assessment trends and practices appearing in the “fashion capitals of the world.”
“Hackers
and Your Bank’s Network - Balancing the Technology/Management
Equation”
Cary T. Conrad, MessageSecure Corp
It seems that every day you are being bombarded by phone calls from everyone under the sun trying to sell you on the latest tool for protecting your institution. How many wiz bang systems can one institution have? How many reports can you review before your eyes cross? The recent FFIEC guidance released earlier this year is the clearist view into the regulators expectations. That said, the regulations are still open to interpretation.
In this presentation, Cary will separate myth from fact presenting in a clear, concise way the tools that are a MUST have and those that are nice to have. Tools and management processes to keep the hackers out and the regulators happy. Attendees will receive ideas on how to manage the flood of information and the demands of maintaining a regulatory compliant IT organization. Real ideas that you can apply today.
“The
Top Ten Reasons Not to Write A Recovery Plan”
Tom Williams, Jack Henry & Associates, Centurian Division
During this session we will explore the top ten reasons why banks avoid the task of writing “bank-wide recovery plans”. In many cases banks do have plans, but the question is; will it truly work in a disaster? Quite often the answer is “no” or “we are not sure”. In either case, the need is there to update or rewrite the plan. During this session we will explore the reasons why the plan seldom gets written. We will provide specific direction and tools on how to overcome the barriers of writing the plan. We will also discuss the plan development steps and the components of the plan. In addition we will explore the topics of executing, testing and maintaining the plan. This is a must session for anyone associated with developing, maintaining or executing a recovery plan. The session will cover both novice and advanced topic matter. If you have a plan, this session will help you make it more effective. If you don’t have a plan, you need one. This session will provide you with a roadmap to get through the planning process.
“Regulatory Panel Discussion and Q&A”
Ruth L. Razook, RLR Management Consulting, Inc. - Moderator
Marlene Roberts, FDIC
Mark Snyder, FRB-SF
William
Grant, OTS
Meg Cronin, OCC
Roberts Presentation | Cronin Presentation
New Technology Guidance - The Regulators have been busy! The FFIEC has re-written the Book for Information Security Audits and Business Continuity Planning. There is more to come:
- Electronic Banking
- Cross Boarder Outsourcing
- Joint Issuance with FBI - Security Best Practices
Additional guidance has been published on Software Patch Management (applies to FDIC Supervised Banks) and Supervision of Technology Service Providers already this year. Come talk to the regulators and hear how the guidance will affect your bank!
Concurrent Sessions
“Going
Paperless: Bringing Document Imaging to Your Bank”
John Jones, Data Center Inc.
This session will overview how a document imaging system can improve efficiency and reduce costs at community banks. Additionally attendees will take away information on how to evaluate an institution’s needs and choices for document imaging, and how to prepare, implement and automate the chosen system for maximum efficiency.
“Service
Provider Management: Setting Vendor Expectations and Managing to Them”
Dean Schumann, RSM McGladery
Managing your vendor’s starts the day your bank meets a potential vendor to discuss your requirements for the system being considered whether it is the core application processing or a less critical ancillary application. Clearly defining your requirements, developing service level agreements (SLAs), and managing the vendor before, during and after the initial installation will allow your bank to gain the greatest value from the vendor. This presentation will provide valuable insight on what other banks are doing to manage their vendors and benefit the most from the relationship both short-term and long-term. It will discuss both the vendor’s and bank’s responsibilities are for a good working relationship.
“Wireless
Networking: The Agony & The Ecstasy”
Michael Neshem, ESSI
Michael Neshem, CISSP and Security Guru ESSI, will address wireless applications. Mick will talk about new and cool wireless applications as they apply to the banking industry, as well as the technical requirements of supporting these applications. As a Security Guru, Mick will highlight the number one concern when enabling wireless applications: Security! Enabling wireless on your network may open you up to a lot of fun and useful applications, but whom else is it allowing into your network? During his talk, Mick will demonstrate a hack of a wireless system to show how easy wireless makes unauthorized network access. Mick will help you understand how to safely deploy and manage wireless applications on your network.
“Leading
Edge Technology: What’s the Future for Community Banks?”
Steve Yunker, Moss Adams, LLP
Steve will present information, which allows the audience to gain a fundamental understanding of the latest technologies and learn about basic components of Biometrics, Virtual Private Networks and Wireless network connectivity. This overview will help you decide if these technologies are appropriate for your institution and if they fit into your long-term network and security plans.
Biometrics - recognizing a person based on a physiological or behavioral characteristic.
Virtual Private Network’s - connecting remote users to your network.
Peer Group Discussion
Learn from Your Peers: Bankers will have one formal round-table group discussion allowing you to share ideas with non-competitor bankers. Our committee members will act as facilitators of these discussions which will focus on the topics of the Summit. Why reinvent the wheel? Learn from others who have already addressed issues facing you today.
Summit Advisory Committee
Kevin Bender, American River Bank Vicki Ramos, RLR Management Consulting, Inc. Valerie Blake, Evergreen Bank Ruth Razook, RLR Management Consulting, Inc. Chris Jolley, Community Bank of Nevada Michael K. Roberts, Bank of Alameda Jerro Otsuki, Orange Community Bank Mike Schwedhelm, United Labor Bank, F.S.B.