by Finosec | Jul 19, 2022 | Banking, Board, Board Training, Cybersecurity, Reporting, User Access
User Access There are likely a high number of systems in place at your institution. Running a successful financial institution relies heavily on tools and technologies that will improve the efficiencies of you and your team. But when it comes to the users of your...
by Finosec | Jun 16, 2022 | Banking, Board, Board Training, Cybersecurity, Information Security
It’s vital for you to fully understand the information security management systems you have in place But it’s a nuisance to keep track of them all. First, you need to know the status of every component, especially for the systems you outsourced. Then, you must also...
by Finosec | Jun 2, 2022 | Banking, Board, Board Training, Cybersecurity, Information Security, IT, IT Controls, Processess, Risk Assessment
Managing Risk Bankers are intrinsically good at managing risk. Credit quality, credit validation, and even loans all involve risk management. Cyber security and information security really aren’t all that different, but the processes can seem a bit more complicated....
by Finosec | May 19, 2022 | Banking, Board Training, Cybersecurity, Information Security
ISO Independence A vital component of your information security program is an information security officer that is independent and adhering to appropriate segregation of duties as outlined by regulatory expectations. The FFIEC Information Security Handbook states:...
by Finosec | May 5, 2022 | Banking, Cybersecurity, Exam
And let’s acknowledge the tests associated with bank examiners definitely fall into the “not fun” category. It’s partly because the scope of what bank regulators expect continues to expand. A lot of the focus is on the steps your institution takes to keep private...
by Finosec | Apr 27, 2022 | Cybersecurity, Banking, Security
Have you addressed the Computer-Security Incident Notification Requirements for Banking Organizations? Full compliance has been extended to May 1, 2022. Five questions to ask: Have we updated our Incident Response Plan? Do we have documentation of who and how we...