by Zach Duke | Jan 24, 2025 | Information Security, Community Banking, Cybersecurity, IT, IT Security, Risk Management
In the world of cybersecurity and third-party risk management, spreadsheets have become a popular tool. Institutions often use them for tasks such as tracking exceptions from audits, managing access rights, and conducting risk assessments. Despite their frequency of...
by Zach Duke | Jan 9, 2025 | Access Mangement, Community Banking, Information Security, IT
Securing your information security budget is challenging—especially in tight economic times. While the strategies for approval are crucial, it’s equally important to have a plan for when not everything makes it through the budget process. This is where documenting...
by Zach Duke | Dec 17, 2024 | Access Mangement, Community Banking, Cybersecurity, FDICIA, FFIEC, Information Security, IT, User Access
For financial institutions subject to FDICIA, the Federal Deposit Insurance Corporation Improvement Act, the annual management attestation is a critical declaration of compliance. It signifies that the institution’s internal controls over financial reporting (ICFR)...
by Zach Duke | Nov 25, 2024 | Access Mangement, FFIEC, Information Security, IT, IT Security, Regulatory, User Access
Access management is a critical component of cybersecurity and compliance, especially for financial institutions where security expectations are paramount. The challenges surrounding permissions management, particularly during user access reviews, are increasing due...
by Zach Duke | Nov 7, 2024 | Risk Management, Community Banking, Cybersecurity, IT, IT Security, Uncategorized, User Access
As highlighted in a recent article from the Federal Reserve, managing third-party relationships and the access associated with those relationships is a critical component of Third-Party Risk Management (TPRM). The associated access third party vendors have to banking...
by Beth Sumner | Oct 30, 2024 | User Access, Community Banking, Cybersecurity, FFIEC, IT
With all eyes focused on AI regulations and the sunset of the Cybersecurity Assessment Tool (CAT), the recently released FFIEC Development, Acquisition, and Maintenance (DA&M) has almost slid under the radar. However, this new booklet is a complete rewrite...
