This course replaces the FFIEC CAT focus with a modern, bank-ready approach to cybersecurity governance and assessment. You’ll learn how to build and run an Information Security Program (ISP) anchored in regulatory expectations (GLBA/FFIEC), select and implement a cybersecurity framework (e.g., NIST CSF 2.0 with the CRI Profile overlay), and translate risk assessments into testing, reporting, and decisions that your Board can act on.
We’ll walk through the full ISP loop—Risk → Program → Test → Report → Adjust—and practice with hands-on labs: framework selection and scoping (tiers/IGs), evidence standards, remediation road-mapping, quarterly board reporting, and testing calendars.
BONUS! Students should be able to complete a current/target CSF profile (and/or CRI diagnostics at the appropriate impact tier) for their own institution during the course.
This is a management-level certification for executives and IS leaders who need clear, repeatable methods to govern cyber risk, justify investments, and demonstrate effectiveness to auditors and examiners.
Topics
WHO SHOULD ATTEND:
This course is self-paced, with 10 weeks allowed to complete it. A final exam is required to earn the certification.
By purchasing this certification, you are hereby agreeing to the policies and procedures of the SBS Institute. Click HERE to read and review.
SBS | 4.00 |
Introduction | Module
Module 2: ISP Components and Cybersecurity Frameworks | Module
Module 3: NIST CSF 2.0 | Module
Module 4: CRI Profile | Module
Module 5: Using Your Risk Assessments to Make Better Decisions | Module
Module 6: Effective Cybersecurity Reporting and Decision Making | Module
Module 7: ISP Testing and Reporting | Module
CBCM Final Exam | Module
Click here to view additional Upcoming Certification dates or, if you prefer to start sooner rather than later, click here to start On Demand.
Continue your cyber education by exploring the other courses available in the Executive Learning Path: