CUNA Security Certification Institute: Technology
Topics & Objectives

Please note that the Topics/Objectives listed below are subject to change.

GENERAL SESSIONS:

Security & Compliance Issues Working Together to Protect the Credit Union

• Gain a better understanding of the current landscape of security issues
• Review compliance issues that impact the role of technology and security staff at your credit union
• Explore how a sound risk management program can identify and assess potential security and data breaches

Fraud Issues – Today's Trends & Future Threats

• Learn about the current fraud issues that security officers and IT staff face today
• Network with your peers and industry experts about these security issues for your credit union

Integrating IT & Facility Security Issues

• Understand the importance of security integration and convergence, and how it can benefit your credit union
• Learn how to make security integration work at your credit union
• Discuss surveillance systems and your network
• Explore ways that IT staff and security officers can create a partnership and make it work

Electronic Fraud Issues – How to Thwart

• Discover new and emerging electronic fraud concerns including phishing, vishing, and man-in-the-middle attacks
• View real-life examples of the latest and most common attacks, and learn consequences
• Identify practical guidance to help you detect and deter electronic fraud
• Understand the legal principles governing electronic banking mechanisms
• Learn how to establish effective programs to deal with fraud attempts to minimize your liability
• Get guidance on educating members about how to avoid becoming a fraud victim
• Find out how to stay informed on new types of fraud schemes

BREAKOUT SESSIONS:

The Technology Tools to Building a Secure Organization

• Explore some of the current risks and threats to credit unions
• Gain a better understanding of the changing hacker – who they are, the tools used, the methodology, and current threats
• Explore layered security issues including edge security, core network security, and system security
• Discuss what key elements should be included in a risk assessment that will benefit your credit union
• Analyze the costs and benefits of a comprehensive list of security technologies and determine which your credit union should implement
• Identify where most credit unions fall short in their security procedures

Security Issues & Third Party Due Diligence

• Explore NCUA regulations
• Determine what should and shouldn't be outsourced to third party vendors and review the challenges associated with outsourcing
• Establish the types of partnerships your credit union should utilize and the types of access requirements
• Gain a better understanding of network access problems and how to restrict partners accessing sensitive information
• Explore methods to use when conducting a vendor review and how to conduct an evaluation
• Understand the importance of a SAS70 including the classification of vendors into tiers and the different levels of documentation recommended
• Review best practices for vendor due diligence
• Learn how collected security scan information performed against your vendors
• Examine the significance of collecting disaster recovery plans and test results to make sure they align with your credit union’s plan

Social Engineering

• Understand social engineering principles
• Identify the red flags of social engineering attempts
• Discuss best practices and resources for related risk mitigation

Identifying Vulnerabilities & Guarding Against Intrusions

• Discover the fundamentals of penetration testing and why it is becoming increasingly important
• Build a strong awareness of the wide range of risks and threats faced today
• Learn the critical difference between vulnerability scanning and penetrating testing
• Learn how to determine whether your current security investments are detecting and preventing attacks
• Discuss the importance of web application testing
• Gain a solid understanding of the control measures that need to be put in place to limit vulnerabilities and risk of attack