Back to Blog

Ransomware Self Assessment Tool

By Finosec

September 28, 2021

Get notified on new insights from Finosec now!

Be the first to know about new Finosec blogs to grow your knowledge of the cybersecurity governance industry today!

Finosec President and CEO Zach Duke has spent a few minutes breaking down the Ransomware Self Assessment Tool. This tool was created by the Conference of State Bank Supervisors, and was crafted to help mitigate the risks associated with Ransomware. Furthermore, it serves as an effective communication piece that demonstrates to upper level management how the institution is actively being protected against this particular risk. Watch the short video below for what this tool includes and how it could serve you.

It is no surprise that the topic of ransomware has dominated the news as well as the minds of financial institutions everywhere. This conversation will continue to take place, and your regular exams and audits will be no exception. Here are some of the key questions this Ransomware self-assessment will ask so you can be ready when those conversations happen. 

  1. What controls do you have in place? 
  2. Do you have a Gap Analysis (that is, have you addressed elements that you do not currently have, but would like to?)
  3. Following number 2, what is the budgeting process to address gaps in your institution? 
  4. Are you following the principle of least privilege and confirming that admin access is limited only to those who need it? 
  5. Is MFA instituted at your institution? 
  6. Finally, do you have cybersecurity insurance that will cover you in the event of a ransomware attack?

This is a subject that will only continue to grow and evolve, and more information is sure to come. To watch Finosec co-founder and CTO Scott McIlrath’s discussion on the new Finosec tool to address this self assessment, and to make sure you stay up to date on the latest news in cybersecurity and information security, be sure to sign up for the Finosec Academy by visiting https://www.finosec.academy

Feel free to reach out to the Finosec team if you have any questions about the RSAT or any other cybersecurity governance issue. 

More from Finosec

The Critical Link Between Third-Party Risk Management (TPRM) and Access Management

The Critical Link Between Third-Party Risk Management (TPRM) and Access Management

As highlighted in a recent article from the Federal Reserve, managing third-party relationships and the access associated with those relationships is a critical component of Third-Party Risk Management (TPRM). The associated access third party vendors have to banking systems is known as Access Management and is foundational for mitigating risks associated with third-party relationships. Access Management may be easy to overlook because it does not always reside with the same person or team as TPRM; making it difficult to provide critical oversight.

With increased regulatory focus, how should institutions be thinking of Access Management? Here are five steps your institution can take today to strengthen your third-party governance.

The Critical Foundation of Managing Access to Banking Systems

The Critical Foundation of Managing Access to Banking Systems

Managing access to banking systems has become increasingly complex as financial institutions navigate legacy reporting systems, API access, and cloud solutions. These challenges, along with the risks posed by unmanaged systems, emphasize the need for maintaining a...

Talk To An Expert Now
Talk To An Expert Now 770.268.2765