by Finosec | Feb 2, 2023 | Cybersecurity, Banking, Infosec, Reporting, User Access
Step 5 is the final step in the User Access Review Best Practices series. The goal of this step is to focus on increasing standardization to develop a more mature and routine approach to user access reviews by focusing on three key areas. Roles and baseline...
by Finosec | Jan 12, 2023 | Banking, Community Banking, Cybersecurity, Fintech, Information Security, Reporting, User Access
We learned about the importance of a System Map in Step One: Building the Foundation, last week. This week, we are discussing Step 2 – Start with the Most Important. In this critical step in the user access review process, you will identify the most important systems...
by Finosec | Jan 5, 2023 | Cybersecurity, Information Security, User Access
Let’s acknowledge a few things at the start. User access reviews (UAR) are important, and increasingly so. Examiners expect you to complete them regularly. They’re a crucial element of your overall cybersecurity program. They’re complicated and they take time. Finosec...
by Finosec | Dec 15, 2022 | Community Banking, Cybersecurity, Information Security, Infosec, Reporting, User Access
Do you believe the full title? Or do you believe the parenthetic comments are a better descriptor? Here’s a simple and universal truth of the human condition: we tend to avoid tasks we think will be hard. Or complicated. Or time consuming. Or all three! An earlier...
by Finosec | Nov 23, 2022 | Banking, Community Banking, Cybersecurity, Information Security, Infosec, User Access
Financial institutions have long viewed user access reviews as a double edged sword. On one hand, regulators require them. They’re a crucial component in managing to least privilege. But they’re a challenge to conduct on a regular schedule. And if you have to rely on...
by Finosec | Nov 17, 2022 | Cybersecurity, Information Security, Infosec, Reporting, User Access
User access reviews are important. They also tend to be a complex, time-consuming task. When you add the regulatory and cybersecurity insurance expectations about these reviews and how often they really should be completed, it gets worse. Finally, to complete the...
