In This Presentation:

- Regulatory expectations for financial institutions

- Risks for financial institutions

- Planning to reduce risks

- The Breach

- Duties and responsibilities

- Consequences of breach

- The Litigation/Regulatory Action

- High-Profile Lessons Learned

- Final Take-aways?

- Excerpt from Regulatory expectations for financial institutions:

What expectations does the FFIEC have for financial institutions as it relates to data security?

- 1) Information Security Risk Assessment;

- 2) Information Security Strategy;

- 3) Security Controls Implementation;

- 4) Security Monitoring; and

- 5) Security Process Monitoring and Updating.