Staffing Questions

By Finosec

April 21, 2022

In a technology-driven industry, it is easy to assume that most of the decisions made around your cybersecurity posture are related to tools and software. While that may be the case a majority of the time, FINOSEC President and CEO Zach Duke also raises questions and awareness about the impact of staffing on your cybersecurity and information security environment. In the video below, Zach poses questions around ISO independence, support infrastructure, and how to navigate staffing limitations. Watch the video and come back after the break for further discussion.

Zach offered three critical questions that executive leadership can ask about their staff as it relates to cybersecurity and information security.

  1. The regulatory expectation is that the Information Security Officer (ISO) should be separate from IT, so the question is: does the ISO have independence in that role? Can they add administrative accounts or make changes to systems? If so, a critical follow-up question is whether you are okay with that business risk and the associated regulatory risk. Being aware of these elements is vital.
  2. Local community banks often see staff wearing multiple hats, and the ISO is not always an exception. The question here is one of support infrastructure: What is the expertise of your staff, how were they trained, and what tools and software are in place to guide and help them? Identifying these components can help you support both new and existing staff.
  3. Based on the previous two questions, Zach poses a third: what is your staff unable to work on? If your team is unable to implement technologies and initiatives, it is worth examining question 3 in light of the first two questions. That is, if there is something your team is unable to do based on the regulatory criteria of ISO independence or lack of support infrastructure, how can that realistically be addressed?

If you would like to continue this conversation around these questions, we invite you to join us at FINOSEC Academy. We hope to see you there!
