Description:
In this session, we’ll cover the crucial last step in the Information Security Program (ISP) process: testing your decisions. The previous sessions focused on risk mitigation (through risk assessments) and documenting your controls (via your ISP), but now it’s time to test and validate those decisions to ensure they’re truly protecting your institution.
You will learn:
- The different types of cybersecurity tests, including IT Audits, Penetration Tests, Vulnerability Assessments, and Social Engineering Assessments, and how to implement them effectively.
- How to assess the results of these tests to identify weaknesses and refine your ISP for stronger, more resilient security measures.
- Best practices for reporting test results and key cybersecurity metrics to your Board and Senior Management, ensuring they understand both the risks and the actions needed to address them.
- Methods for translating complex cybersecurity concepts into clear, actionable information that decision-makers can grasp, empowering them to make informed, strategic decisions.
- How to use testing and reporting as ongoing tools for improving your institution’s cybersecurity posture and maintaining regulatory compliance.
This session will provide you with practical, hands-on strategies to test your ISP and communicate those findings effectively to senior leaders. By the end of the session, you’ll have the knowledge to confidently report on cybersecurity testing results and provide insights that drive continuous improvement in your institution’s security framework.
Reminder: The registration fee includes live attendance AND a playback recording of the session, available once the session concludes.
Presenters:
Terry Kuxhaus, CISSP, CBSTP
Terry Kuxhaus is a Senior Information Security Consultant/Team Lead at SBS CyberSecurity (SBS), a company dedicated to helping organizations identify and understand cybersecurity risks to make more informed and proactive decisions. He is also an instructor for the SBS Institute, leading the Certified Banking Vulnerability Assessor (CBVA) course.
Terry maintains his Certified Information Systems Security Professional (CISSP) and Certified Banking Security Technology Professional (CBSTP) certifications. He received his Bachelor of Science in Technology from Black Hills State University and completed the Bank Technology Management school at the Graduate School of Banking. Terry has been involved with information security practices in banking and government verticals since 1997. He specializes in IT operations, network/cloud security administration, technology evaluations, project management, and helping gain maximum value and benefit from security investments. Joining the SBS consulting team in 2018, Terry is a client-focused leader in cybersecurity and risk management. Terry is passionate about sharing his cybersecurity knowledge and supporting his clients as they strive for increased cyber maturity. On top of being an instructor for the SBS Institute certification program, he speaks at conferences, authors blog posts and articles, hosts webinars, and conducts training.
March 13, 2025