Financial institutions are unique as they are driven by countless regulations and other factors that make it essential to create a framework on which to base corporate and business-unit based risk management. In this session from our 2008 Financial Information Security Decisions conference, Matthew Todd explains how he attacks this problem.
Download this presentation to learn how to:
- Start from basic principles of due care
- Establish a culture of compliance
- Use compliance and laws to give your program critical direction
- Establish effective process and record keeping
- Investigate existing agreements and contracts
- Test, test, test
Download this presentation
About the speaker:
Matthew Todd is chief security officer and vice president, risk and technical operations for Financial Engines, Inc., which offers investment advice and managed account services to retirement plan participants. Along with his staff, Todd is responsible for the security, implementation and maintenance of systems, networks and confidential customer financial data, including diverse secure data connections with leading US financial service providers. Working with legal, compliance, and audit teams, Todd helps business units to identify and mitigate risks.
Todd has been a local mentor for the SANS Institute, and holds the GSEC certification. He has over 15 years' experience in the technology space, and has been actively involved in information security for the last ten years. He currently serves on the Board of Directors of the San Francisco Bay InfraGard Chapter.
