by Finosec | Jan 18, 2023 | Information Security, Infosec, User Access
Step Three in the Finosec user access review best practices series is to rate and prioritize the system risks you identified as the most important systems in Step Two of the UAR Best Practices and align those with the access permissions required. Step Three: Rate...
by Finosec | Jan 12, 2023 | Banking, Community Banking, Cybersecurity, Fintech, Information Security, Reporting, User Access
We learned about the importance of a System Map in Step One: Building the Foundation, last week. This week, we are discussing Step 2 – Start with the Most Important. In this critical step in the user access review process, you will identify the most important systems...
by Finosec | Jan 5, 2023 | Cybersecurity, Information Security, User Access
Let’s acknowledge a few things at the start. User access reviews (UAR) are important, and increasingly so. Examiners expect you to complete them regularly. They’re a crucial element of your overall cybersecurity program. They’re complicated and they take time. Finosec...
by Finosec | Dec 15, 2022 | Community Banking, Cybersecurity, Information Security, Infosec, Reporting, User Access
Do you believe the full title? Or do you believe the parenthetic comments are a better descriptor? Here’s a simple and universal truth of the human condition: we tend to avoid tasks we think will be hard. Or complicated. Or time consuming. Or all three! An earlier...
by Finosec | Nov 23, 2022 | Banking, Community Banking, Cybersecurity, Information Security, Infosec, User Access
Financial institutions have long viewed user access reviews as a double edged sword. On one hand, regulators require them. They’re a crucial component in managing to least privilege. But they’re a challenge to conduct on a regular schedule. And if you have to rely on...
by Finosec | Nov 17, 2022 | Cybersecurity, Information Security, Infosec, Reporting, User Access
User access reviews are important. They also tend to be a complex, time-consuming task. When you add the regulatory and cybersecurity insurance expectations about these reviews and how often they really should be completed, it gets worse. Finally, to complete the...
