9.75W Components of an Information Security Program

SECURE-U

Summary

Chances are your Information Security Program has changed over the years to adjust to the demands of auditors and regulatory examiners, without a full understanding of how each component fits into the overall strategy or contributes to your credit union's security posture.

This course was designed to take a step back and approach the Information Security planning process from a business perspective. Participants will learn the components of a comprehensive InfoSec Program, understand the role and purpose of each for mitigating risk to IT assets, and identify gaps and weaknesses in existing strategies and controls.

 

Audience

This course is geared toward credit union professionals responsible for the development and maintenance of their organization's Cybersecurity and Business Continuity Plans.

 

Objectives

By the completion of this course, participants will be able to:

  • Understand the need to protect the confidentiality, integrity, and availability of sensitive data and the systems that host and process the data
  • Describe the components of an effective Information Security Program
  • Recognize the different types of controls used to mitigate risk
    • Administrative
    • Technical/Logical
    • Physical
  • Identify the tools available to assess and audit existing controls and to measure the maturity of your Information Security Program
  • Design a roadmap to improve your credit union's cybersecurity posture
  • Become familiar with services and resources available from CU*Answers designed to assist

Topics

This course covers the following topics:

  • Acknowledging the threat landscape
  • Reviewing the security standards and guidelines for credit unions
  • Identifying the components of a comprehensive Information Security Program
  • Assessing control effectiveness
  • Prevention, detection, and incident response
  • Steps to improve staff security hygiene