by Zach Duke | Nov 25, 2024 | Access Mangement, FFIEC, Information Security, IT, IT Security, Regulatory, User Access
Access management is a critical component of cybersecurity and compliance, especially for financial institutions where security expectations are paramount. The challenges surrounding permissions management, particularly during user access reviews, are increasing due...
by Zach Duke | Nov 7, 2024 | Risk Management, Community Banking, Cybersecurity, IT, IT Security, Uncategorized, User Access
As highlighted in a recent article from the Federal Reserve, managing third-party relationships and the access associated with those relationships is a critical component of Third-Party Risk Management (TPRM). The associated access third party vendors have to banking...
by Beth Sumner | Oct 30, 2024 | User Access, Community Banking, Cybersecurity, FFIEC, IT
With all eyes focused on AI regulations and the sunset of the Cybersecurity Assessment Tool (CAT), the recently released FFIEC Development, Acquisition, and Maintenance (DA&M) has almost slid under the radar. However, this new booklet is a complete rewrite...
by Zach Duke | Oct 10, 2024 | User Access, Community Banking, Cybersecurity, Data Access Governance, FFIEC, Governance, Information Security Governance, IT
The FFIEC has updated their expectations for access management with the Authentication and Access to Financial Institution Services and Systems Guidance. This guidance expands beyond traditional customer authentication and places a significant emphasis on...
by Zach Duke | Aug 15, 2024 | User Access, Community Banking, Data, Data Access, Data Access Governance, Data Protection, Financial Institutions, Information Security, User Access Reporting
Preparing for your next examination can feel overwhelming as the regulatory expectations continue to expand. As you gear up for your next regulatory examination (or audit), it is crucial to align with the expectations outlined in the Federal Financial Institutions...
by Beth Sumner | Aug 1, 2024 | Community Banking, Employee, Employee Records, Financial Institutions, Information Security, IT, Risk, Security, Terminated Employees, User Access
When I first entered the banking world, user access reviews were much more straightforward. Spreadsheets were used to capture the basics of who had network and core application access. There was a page in each employee’s file listing the keys and codes they had, and...