The Knowledge Group

Andrea Hoy, President, Virtual CISO/ Intl. President/ Chairman, AHoy & Associates/ ISSA/ Financial SIG to Speak at the KC Event

New York, NY, January 19, 2016 -- The Knowledge Group/The Knowledge Congress Live Webcast Series, the leading producer of regulatory-focused webcasts, has announced today that Andrea Hoy, President, Virtual CISO/ Intl. President/ Chairman, AHoy & Associates/ ISSA/ Financial SIG will speak at the Knowledge Group’s webcast entitled: “FFIEC Cyber Security Assessment Tool (Assessment) for Financial Institutions: What You Need to Know in 2016 and Beyond Live Webcast.” This event is scheduled for January 28, 2016 from 3:00pm – 5:00pm (ET).

For further details, please visit:

About Andrea Hoy
Andrea is the founder of A. Hoy & Associates, specializing in providing virtual CISO services to companies in transition, startups, and those that just need an encyclopedia of cybersecurity background to handle and fix issues. She is actively involved in the cyber community, serving as the International President of the Information Systems Security Association (ISSA), the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information. ISSA members represent over 10,000 security professionals worldwide with 137 chapters in 71 countries. Ms. Hoy recently chartered the Financial SIG, open to any who have an interest in this area of expertise, and is actively creating relationships with the community, both law enforcement and industry. Andrea’s leadership positions include leadership roles for McDonnell Douglas, Rockwell, Boeing NA, Fluor and a $10 billion credit union.

About AHoy & Associates
A. Hoy & Associates (AHA) is a thriving information security consulting firm that was established to provide essential information security expertise on immediate and specific information security. Their specialty is providing seasoned CISOs who can provide “virtual CISO” expertise for those companies that need assistance, are in the middle of turnover, or just need additional C-level staffing to address an urgent matter or effort. Other services provided range from a quick policy review to wireless vulnerability risk assessments, computer forensics/investigations, senior management briefings, and assisting with developing a total information security strategic plan customized to the specific company culture quickly and efficiently with the utmost discretion.

Event Synopsis:
In June 2015, the Federal Financial Institutions Examination Council (FFIEC) issued a Cyber Security Assessment 'Tool' (Assessment) to help financial institutions evaluate their institutional cyber security risk, preparedness, and mitigation ability.

There are 5 major risk categories: technologies and connection types, delivery channels, online and mobile products and technology services, organizational characteristics, and external threats. In addition, there are 5 levels of cyber security preparedness ('Maturity') for financial institutions: baseline, evolving, intermediate, advanced, and innovative. These include examination of various categories ('Domains'), including 'cyber risk management and oversight', 'threat intelligence and collaboration', 'cyber security controls', 'external dependency management', and 'cyber incident management and resilience'. Cyber security principles taken from the FFIEC Information Technology Examination Handbook were incorporated in the Assessment 'tool'.

Understanding each of these components can be a challenge not only for the uninitiated, but also for the seasoned veteran. Learn what tools work best to address each of the 5 major categories, understanding that one size does not fit all. The webcast will also discuss the importance of sound data governance and how such practices work to improve the security footprint of an organization and help assure practical compliance sometimes overlooked in writing to standards. As standards become more important for all interested parties such as regulators, courts and business partners, understanding the why, what and how will be essential.

Key topics include:

Cyber Security Assessment Tool (Assessment) - An Overview

Inherent Risk Profile
Evaluation of Cyber Security Maturity

Five Risk Categories

Technologies and Connection Types
Delivery Channels
Online and Mobile Products & Technology Services
Organizational Characteristics
External Threats

Five Domains

Cyber Risk Management and Oversight
Threat Intelligence and Collaboration
Cyber Security Controls
External Dependency Management
Cyber Incident Management and Resilience

Implementation Issues
Possible Legal Challenges
Regulatory Issues
Effects and Implications for Financial Institutions

About The Knowledge Group /The Knowledge Congress Live Webcast Series

The Knowledge Group was established with the mission to produce unbiased, objective, and educational live webinars that examine industry trends and regulatory changes from a variety of different perspectives. The goal is to deliver a unique multilevel analysis of an important issue affecting business in a highly focused format. To contact or register for an event, please visit:
The Knowledge Group
Thomas LaPointe, Jr., Executive Director
Therese Lumbao, Director
Account Management & Member Services