Insurance Information & Cybersecurity Programs - In-Person
This in-person CPE course is focused on how to address the NAIC Insurance Data Security Model Law which defines the internal controls within an insurance industry organization. It is focused on the information technology general controls that are necessary to provide compliance with this Act.
The insurance industry is subject to various regulations and laws that require insurers to protect sensitive customer information and maintain the confidentiality, integrity, and availability of their systems and data. To meet these requirements, insurance companies are required to implement information security and cybersecurity programs.
These programs typically include measures such as risk assessments, incident response plans, security awareness training for employees, and regular security audits and testing. Additionally, insurance companies need to understand their level of internal risk and how that drives their needs for implementing advanced security technologies such as firewalls, intrusion detection systems, and encryption to protect their networks and data from cyber threats.
This 8 CPE in-person event is designed for information technology professionals, internal auditors, compliance managers and others who have the responsibility for managing the insurance organization's internal control framework and information technology general controls.
Each attendee will receive 8 Auditing CPE Hours (YB). A certificate of completion will be provided.
Details on Event Presentation
The sessions will be as follows:
Thursday – 9:00 a.m. to 5:00 p.m.
Offered in-person in various cities.
We can schedule private events on your timetable for three or more attendees.
CPE Event Highlights
This event addresses managing an information security and cybersecurity program in the insurance industry, which involves creating a comprehensive program that addresses:
- Conducting a risk assessment to identify potential threats and vulnerabilities. This may include evaluating the organization's IT infrastructure, network security, and data management practices.
- Developing and implementing security policies and procedures that align with industry standards.
- Establishing an incident response plan to address and respond to cyber-attacks and data breaches.
- Implementing technical controls such as firewalls, intrusion detection and prevention systems, encryption, and multi-factor authentication to protect against cyber-attacks and unauthorized access to sensitive data.
- Regularly monitoring and testing the effectiveness of security controls and the incident response plan.
- Conducting regular employee training and awareness programs to educate staff on information security and cybersecurity best practices.
- Continuously monitoring and keeping abreast of the latest industry standards, regulations, and threats.
- Regularly reviewing and updating the information security and cybersecurity program to ensure its relevance and effectiveness.
- Understand the importance of information security and cybersecurity in the insurance industry and the regulations and laws that govern it.
- Identify and understand common information security and cybersecurity threats facing the insurance industry.
- Learn best practices for risk management and incident response in the insurance industry.
- Become familiar with the security technologies and controls commonly used in the insurance industry.
- Understand the role of employee awareness and education in maintaining the security of insurance company systems and data.
- Learn about incident response plans and procedures and how to report a cybersecurity incident.
- Develop the skills necessary to create and maintain a strong information security and cybersecurity program in the insurance industry.
- Understand the role of IT Auditing, Governance and Compliance requirements in the insurance industry.
- Learn about the latest threat landscapes, trends and risk management strategies to protect the insurance industry.
- Understand the importance of Cyber Insurance and how it can protect the insurance industry.
Key Issues on the Agenda
- Section 1: Introduction and the importance of information security and cybersecurity
- Section 2: Overview of relevant regulations and laws impacting the insurance industry via the Model Law
- Section 3: Review of common information security and cybersecurity threats facing the insurance industry
- Section 4: Best practices for risk management, internal control implementation and incident response in the insurance industry
- Section 5: Discussion of the role of employee awareness and education in maintaining the security of insurance company systems and data
- Section 6: Review of incident response plans and procedures
- Section 7: Information on how to report a cybersecurity incident
- Section 8: Conclusion and next steps for maintaining a strong information security and cybersecurity program in the insurance industry.
NASBA Program Disclosure
Program Level of Understanding: Intermediate to Advanced
Prerequisites: Participants should come with a knowledge of internal control frameworks.
Advance Preparation: A number of documents will be provided in advance.
Delivery Format: On-site Training (Group-Live); Seminar (Group-Live)
NASBA Field(s) of Study: Auditing
CPE Credits: 8, based on 50 minutes of instruction per hour.
Summary of the Subject Matter
This CPE program provides an overview of insurance information cybersecurity programs, covering key cybersecurity threats facing the industry and effective risk management strategies. Attendees will learn about the importance of cybersecurity for insurance companies, as well as how to develop, implement, and maintain effective cybersecurity programs that meet regulatory requirements. Topics covered include risk assessment, security controls, incident response, and incident reporting. The program also includes information on emerging cybersecurity threats and trends, as well as best practices for data protection and privacy. The program is designed for cybersecurity professionals, IT professionals, and others in the insurance industry responsible for managing cybersecurity risks.