The registration period is from Aug 21, 2020 12:00 to Apr 14, 2021 12:00
Cyber Series: GLBA Security Expectations, Internal Controls & The Human Factor - Details
Session Available from: Aug 21, 2020 12:00 to Apr 14, 2021 12:00

Session Options: Webinar, Recorded, Both Live/Recorded

Live Session Date: Oct 14, 2020

Add to calendar /education-events/discounted-webinar-sessions/event/1297/Cyber-Series--GLBA-Security-Expectations--Internal-Controls-&-the-Human-Factor?Itemid860= 2020-10-14 14:00:00 2020-10-14 15:30:00 0 Cyber Series: GLBA Security Expectations, Internal Controls & the Human Factor Cyber Series: GLBA Security Expectations, Internal Controls & the Human Factor (90-minute webinar – recordi... - US - YYYY/MM/DD

Event description:

Cyber Series:
GLBA Security Expectations,
Internal Controls & the Human Factor

(90-minute webinar – recording also available)

Wednesday, October 14, 2020

12:00 PM Pacific                 1:00 PM Mountain

2:00 PM Central                 3:00 PM Eastern

Humans, also known as staff, are often the weak link in the cybersecurity chain. This webinar will identify effective controls and best practices to guard against the “human factor.” It will also teach you how to apply the FFIEC’s Cybersecurity Assessment Tool (CAT), why a GLBA risk assessment is needed, and where risk can arise. 


  • Effectively use the FFIEC’s Cybersecurity Assessment Tool (CAT) to drive cyber risk control adoption
  • Identify and implement effective controls against the human factor
  • Define the need for GLBA risk assessment
  • Explain and justify controls to reduce email phishing
  • List 10 “best practice” IT controls for financial institutions


Take a deep dive into GLBA expectations and learn how to apply the FFIEC’s Cybersecurity Assessment Tool (CAT) and process to address those expectations. You’ll learn best practice internal controls that are tied back to GLBA expectations for running a safe and sound cybersecurity operation. Case studies highlighting the human factor in the security chain will be emphasized to demonstrate where risky exceptions can arise. This webinar will also address the threats of targeted attacks and phishing/vishing. Examples of publicized breaches and spear-phishing will be examined, such as the compromise of John Podesta’s email from “Gmail” advising he must change his password for security reasons.


This informative session is designed for IT steering committee members, information security officers, auditors, and compliance officers. 


  • Top 20 information technology controls checklist
  • IT risk assessment template
  • Sample policies
  • Website links for additional reference material
  • Employee training log
  • Interactive quiz 


Randall J. Romes & John Moeller, CliftonLarsonAllen LLP

Randall J. Romes     Randy Romes has been a cybersecurity consultant at CliftonLarsonAllen since 1999 and brings a strong background in computer technology, physics, and education. As a Principal in the Information Security Services and Financial Institutions groups, Randy leads a team of technology and industry specialists and is responsible for the continuing development of the open-source, Unix, and Windows applications used in security audits.

Randy has been involved in developing numerous leading-edge hacking/testing methods and security service offerings. A featured speaker at national information and security management conferences, Randy holds multiple certifications, a Master’s in Educational Technology from the University of Saint Thomas, and a Bachelor’s in Education from the University of Wisconsin – Madison. In addition, he is an instructor at the Graduate School of Banking at the University of Colorado in Boulder.

John Moeller     John Moeller, a principal at CliftonLarsonAllen, is focused on serving the technology needs of financial institutions. Over the past 35 years, John has gained extensive experience developing strategic technology plans for financial institutions. He performs technology and vulnerability/risk assessments, controls reviews, and information security and business continuity program development, implementation, training, and testing.

John is a frequent speaker on information security, IT assessments and strategy, CIO outsourcing, and managed IT services. He holds several professional certifications, including Certified Information Systems Security Professional, Certified Ethical Hacker, and EC Council – Certified Security Analyst. He received a bachelor’s in Information Technology from Capella University.


1. Live Webinar Includes

  • Unlimited connections within your institution to the Live Webinar
  • Handout and Take-Away Toolkit
  • Available on desktop, mobile & tablet
  • Presenter’s contact info for follow-up 

2. Recorded Webinar Includes

  • Recording of the Live Webinar
  • Available two business days following Live date
  • Handout and Take-Away Toolkit
  • Available on desktop, mobile & tablet
  • Free Digital Download, yours to keep
  • Share link with anyone at your institution
  • Presenter’s contact info for follow-up

3. Purchase the BOTH Option to receive all the benefits listed above! Full registration descriptions can be found here.

Note: All materials are subject to copyright. Transmission, retransmission, or republishing this webinar to other institutions or those not employed by your financial institution is prohibited. Print materials may be copied for eligible participants only.