Information Security and IT Outsourcing as per German MaRisk
The seminar gives an overview of the MaRisk requirements for information security that apply to financial services companies under German supervision. The MaRisk requirements are discussed in the context of other regulations and complemented by a summary of legal responsibilities. Participants gain an in-depth overview of the overlapping topics of risk management according to MaRisk and information security as per ISO 27000. The outsourcing of IT services that is usual at banks is given particular attention, and the relevant requirements are discussed for both the bank and the IT (or IS) service providers.
- History of MaRisk since 1995
- MaRisk and the legal environment
- Risk management for banks
- Responsibility and liability
- Information security ISO 27000 and MaRisk
- The 14 elements of the ISO 27000 information security system and implementation specifics for banks regulated according to MaRisk
- IT outsourcing: responsibility and liability from the perspective of the bank and from the perspective of the IT / IS service provider
- Seminar summary
Interactive lecture, case studies, discussion, group work
Who should attend
Employees of banks in the areas of IT, information security, risk management / risk control, audit and organisation, as well as employees of IT or IS service providers for banks, who want to deepen their understanding of the legal requirements on information security (IS) defined in MaRisk.