New FFIEC AIO Handbook - Regulatory Expectations

The new Architecture, Infrastructure, and Operations (AIO) Booklet was developed to reflect the changing technological environment and the increasing need for security and resilience. This webinar will include an overview of the new booklet and examiner expectations for the architectural design, infrastructure, and operation of your information technology systems. The AIO Booklet is designed to replace the former IT Operations Booklet, which was originally released in July of 2004. As you are aware, there have been significant changes in information security over the years, so the Booklet was much in need of an update to reflect the current and emerging environment banks operate in. Regulatory expectations have steadily increased since 2004 due to the rapid changes in the threat landscape and the need for enhanced security and controls. Risk management is essential and is key to ensuring the infrastructure is maintained at a level that meets the ever-challenging landscape. As the Booklet states, "the functions of AIO comprise a variety of activities, such as network and application design within architecture; selection and placement of physical and virtual technologies within infrastructure; and configuration, deployment, and maintenance of the infrastructure that supports the business within operations." In this overview we will discuss the principles and practices the regulators will be reviewing to assess your AIO functions.

Covered Topics

We will follow the flow of the new Booklet as we do an overview of:

  • Architecture, Infrastructure, and Operations Governance
    • Responsibilities
    • Policies, Standards, and Procedures
    • Audit
    • Communications
    • Reporting
  • Data Governance and Data Management
    • Data Identification and Classification
  • IT Asset Management
    • Inventories
    • End of Life
  • Diagrams/Topology
  • Managing Change
  • Remote Access
  • Personally Owned Devices
  • Communications
  • Physical Access and Environmental Controls
  • Operations
  • Cloud Computing

Who Should Attend?

IT, Operations, Senior Management, IT auditors, Information Security Officers.