Effective NAIC Cybersecurity Programs - In-Person
Cybersecurity is perhaps one of the most important topics for the insurance industry today.
Insurers and insurance producers must protect the highly sensitive consumer financial and health information collected as part of the underwriting and claims processes. This personally identifiable information (PII) is entrusted to the insurance industry by the public.
We will provide guidance on having a program that will address the NAIC cybersecurity activities including:
- Principles for Effective Cybersecurity: Insurance Regulatory Guidance,
- NAIC Roadmap for Cybersecurity Consumer Protections,
- Updates to the Financial Condition Examiners Handbook concerning cybersecurity risks and protocols,
- Insurance Data Security Model Law.
The in-person event will include a review of the National Institute of Standards and Technology (NIST) framework for improving critical infrastructure cybersecurity. The framework provides a structure of standards, guidelines and practices to aid organizations, regulators and customers with critical infrastructures in effectively managing cyber risks.
This course is designed for professionals experienced in working with internal controls and ERM programs.
The cost of this internal audit training seminar is $1,395.00 for each attendee.
This internal control training course will provide each attendee with 16 Auditing CPE Event Hours (YB). A certificate of completion will be provided.
Details on Event Presentation
Offered in person in two eight-hour sessions in 2024 for 16 CPE credits on Tuesdays and Wednesdays.
The sessions will be as follows:
Day One - 8:45 a.m. to 5:00 p.m.
Day Two - 8:45 a.m. to 4:00 p.m.
CPE Event Highlights
We will cover the elements of an effective cybersecurity program:
- Having a formal, well-documented cybersecurity program.
- Conducting prudent risk assessments.
- Having a reliable audit of security controls.
- Having clearly defined and assigned information security roles and responsibilities.
- Creating strong access control procedures.
- Ensuring that any assets or data stored in a cloud or managed by a third-party service provider are subject to appropriate security reviews and independent security assessments.
- Conducting periodic cybersecurity awareness training.
- Implementing and managing a secure system development life cycle (SDLC) program.
- Having an effective business resiliency program addressing business continuity, disaster recovery, and incident response.
- Encrypting sensitive data, stored and in transit.
- Implementing strong technical controls in accordance with best security practices.
- Responding properly to any past cybersecurity incidents.
Learning Objectives
Attendees will:
- Understand how the cybersecurity program must have the capability to prepare for, protect from, and respond to the potential effects of cyber attacks.
- Learn the overall strategic decisions that need to be made to improve and enhance a cybersecurity program.
- Gain knowledge of how information-sharing relationships and communication paths are necessary for collecting and disseminating cyber incident situational awareness, response and recovery information.
- Understand that the cybersecurity program will have to embrace a continuous improvement mode of operation.
Key Issues on the Agenda
Introduction
Section 1 The NIST Framework
Section 2 Documenting an effective cybersecurity program
Section 3 Example of Cybersecurity Risk Assessment
Section 4 What is your perimeter?
Section 5 Understanding Your Data
Section 6 Controlling Access to the Data
Section 7 Training the People
Section 8 Auditing the data protection
Section 9 Summary and Wrap-Up
NASBA Program Disclosure
Program Level of Understanding: Basic
Prerequisites: None
Advance Preparation: None
Delivery Format: Group Internet Based
NASBA Field(s) of Study: Auditing, Information Technology
CPE Credits: 16, based on 50 minutes of instruction per hour
Summary of the Subject Matter
The CPE event "Effective NAIC Cybersecurity Programs" delves into the intricate landscape of cybersecurity within the insurance industry, offering a profound exploration of strategies and best practices to fortify cyber resilience. Attendees can expect an insightful journey through the multifaceted realm of cybersecurity, tailored specifically to the nuances of the National Association of Insurance Commissioners (NAIC) regulatory framework.
During this event, participants will uncover pivotal areas such as the evolution of cybersecurity threats in the insurance sector, the integration of NAIC cybersecurity guidelines with organizational policies, and the implementation of proactive measures to mitigate cyber risks. Moreover, the event aims to equip attendees with a comprehensive understanding of incident response planning, data protection protocols, and the alignment of cybersecurity initiatives with regulatory compliance requirements set forth by the NAIC.
By attending this event, professionals in the insurance domain can anticipate gaining actionable insights and practical tools to enhance their cybersecurity posture, thereby fostering trust and security among clients while upholding regulatory standards within the dynamic landscape of cyber threats.