
GLBA Security Expectations, Internal Controls & the Human Factor

Oct 15 2:00 PM - Oct 15, 2020 3:30 PM

Humans, also known as staff, are often the weak link in the cybersecurity chain. This webinar will identify effective controls and best practices to guard against the “human factor.”  It will also teach you how to apply the FFIEC’s Cybersecurity Assessment Tool (CAT), why a GLBA risk assessment is needed, and where risk can arise.  

Learning Objectives

  • Effectively use the FFIEC’s Cybersecurity Assessment Tool (CAT) to drive cyber risk control adoption
  • Identify and implement effective controls against the human factor
  • Define the need for GLBA risk assessment
  • Explain and justify controls to reduce email phishing
  • List 10 “best practice” IT controls for financial institutions

Take a deep dive into GLBA expectations and learn how to apply the FFIEC’s Cybersecurity Assessment Tool (CAT) and process to address those expectations. You’ll learn best practice internal controls that are tied back to GLBA expectations for running a safe and sound cybersecurity operation. Case studies highlighting the human factor in the security chain will be emphasized to demonstrate where risky exceptions can arise. This webinar will also address the threats of targeted attacks and phishing/vishing. Examples of publicized breaches and spear-phishing will be examined, such as the compromise of John Podesta’s email by a message from “Gmail” advising that he must change his password for security reasons.



Randall J. Romes & John Moeller, CliftonLarsonAllen LLP

Randy Romes has been a cybersecurity consultant at CliftonLarsonAllen since 1999 and brings a strong background in computer technology, physics, and education.  As a Principal in the Information Security Services and Financial Institutions groups, Randy leads a team of technology and industry specialists and is responsible for the continuing development of the open-source, Unix, and Windows applications used in security audits. 

Randy has been involved in developing numerous leading-edge hacking/testing methods and security service offerings. A featured speaker at national information and security management conferences, Randy holds multiple certifications, a Master’s in Educational Technology from the University of Saint Thomas, and a Bachelor’s in Education from the University of Wisconsin – Madison.  In addition, he is an instructor at the Graduate School of Banking at the University of Colorado in Boulder.  


John Moeller, a principal at CliftonLarsonAllen, is focused on serving the technology needs of financial institutions. Over the past 35 years, John has gained extensive experience developing strategic technology plans for financial institutions. He performs technology and vulnerability/risk assessments, controls reviews, and information security and business continuity program development, implementation, training, and testing.

John is a frequent speaker on information security, IT assessments and strategy, CIO outsourcing, and managed IT services. He holds several professional certifications, including Certified Information Systems Security Professional, Certified Ethical Hacker, and EC Council – Certified Security Analyst.  He received a bachelor’s in Information Technology from Capella University.




Additional Info

Cyber Series

This webinar is also available as part of a four-part series. Purchase the full series of four webinars for $933 and save over $100.


Event Type

On-Demand Webinar

Topics Covered

  • On-Demand Webinars
  • Fraud, Security & Technology
  • Executive Management