by Zach Duke | Dec 17, 2024 | Access Mangement, Community Banking, Cybersecurity, FDICIA, FFIEC, Information Security, IT, User Access
For financial institutions subject to FDICIA, the Federal Deposit Insurance Corporation Improvement Act, the annual management attestation is a critical declaration of compliance. It signifies that the institution’s internal controls over financial reporting (ICFR)...
by Zach Duke | Nov 25, 2024 | Access Mangement, FFIEC, Information Security, IT, IT Security, Regulatory, User Access
Access management is a critical component of cybersecurity and compliance, especially for financial institutions where security expectations are paramount. The challenges surrounding permissions management, particularly during user access reviews, are increasing due...
by Zach Duke | Nov 7, 2024 | Risk Management, Community Banking, Cybersecurity, IT, IT Security, Uncategorized, User Access
As highlighted in a recent article from the Federal Reserve, managing third-party relationships and the access associated with those relationships is a critical component of Third-Party Risk Management (TPRM). The associated access third party vendors have to banking...
by Beth Sumner | Oct 30, 2024 | User Access, Community Banking, Cybersecurity, FFIEC, IT
With all eyes focused on AI regulations and the sunset of the Cybersecurity Assessment Tool (CAT), the recently released FFIEC Development, Acquisition, and Maintenance (DA&M) has almost slid under the radar. However, this new booklet is a complete rewrite...
by Zach Duke | Oct 10, 2024 | User Access, Community Banking, Cybersecurity, Data Access Governance, FFIEC, Governance, Information Security Governance, IT
The FFIEC has updated their expectations for access management with the Authentication and Access to Financial Institution Services and Systems Guidance. This guidance expands beyond traditional customer authentication and places a significant emphasis on...
by Beth Sumner | Sep 12, 2024 | AI, Community Banking, Financial Institutions, IT, IT Security
Several months ago, I wrote a blog on Shadow IT, emphasizing the risks of unapproved software and systems used by employees without the knowledge of the IT department. Shadow IT can lead to significant security vulnerabilities, as it is impossible to protect...