The Federal Financial Institutions Examination Council (FFIEC) Authentication Guidance update in August 2021 has marked a significant step towards enhancing authentication and security access measures within financial institutions. This update expanded upon previous handbooks from 2005 and 2011, emphasizing a broader scope that now includes employees, third-party vendors, and system-to-system communications via APIs.
Finosec Tools and Resources to Empower You and Your Team
Resources for: User Access
Simplifying Identity and Access Management: A Guide for Financial Institution Executives
In the rapidly evolving landscape of banking technology and cybersecurity, understanding and implementing effective Identity and Access Management (IAM) strategies is more crucial than ever. Yet, we understand that delving into the complexities of IAM can be daunting. Our goal is to unpack this crucial matter into straightforward and practical measures.
Safeguarding Your Assets: Preventing Privilege Creep
Prevent privilege creep, boost cybersecurity. Learn risks & strategies in our blog. Strengthen your defenses now!
5 Steps For User Access Review Best Practices
Secure your financial institution with our User Access Review Best Practices white paper. 5 steps to simplify the process & reduce completion time.
Step 5 – User Access Review Best Practices: Increase Maturity
The goal is to focus on increasing standardization to develop a more mature and routine approach to user access reviews by focusing on three key areas.
Step 4 – User Access Review Best Practices: Review System Access and Permissions
Step Four in the FINOSEC user access review best practice series is to ensure users who have access to your systems have legitimate duties that justify not only access but their specific permissions for those systems.
Step 3 – User Access Review Best Practices: Risk Rate Systems & Access
user access review best practices series is to rate and prioritize the system risks you identified as the most important systems
User Access Review Best Practices: Step 2 – Start With The Most Important
You should always start this process with the highest-risk systems. These typically include systems such as Active Directory, core processors, wire transfers, and more. Overall, every system you have for which there is privileged access will usually be a higher-risk system.
User Access Review Best Practices: Step 1 – Building the Foundation
User access reviews are important. Examiners expect you to complete them regularly. They’re a crucial element of your overall cybersecurity program…
User access reviews are (not) hard and (don’t have to) take too much time!
Here’s a simple and universal truth of the human condition: we tend to avoid tasks we think will be hard. Or complicated. Or time consuming. Or all three!