User Access Review Best Practices: Step 1 – Building the Foundation

Let’s acknowledge a few things at the start.

1. User access reviews (UAR) are important, and increasingly so.
2. Examiners expect you to complete them regularly.
3. They’re a crucial element of your overall cybersecurity program.
4. They’re complicated and they take time.

Finosec team members have felt the pain of that last point, and set out to create a solution that would alleviate just that. We have developed a custom application with a tested and proven approach to the overall UAR process. We have completed over 11 million permission reviews, saving financial institutions time, effort, and money. We can come alongside you to help reduce the complexity of the process, save you time, and help you devote fewer resources to completing the task.

The Finosec process involves five steps for better user access reviews. These steps are an excellent way to simplify what can often be perceived as an overwhelmingly complex topic. We will spend this time reviewing the first step in utilizing this user access tool.

Step one: Create a system map

This is where you document the systems, functions, and processes you have in place. In a sense, you identify the “crown jewels” of your institution as well as who is responsible for each one. This information lays the foundation to help you perform better user access reviews. In a sense, it’s an organized overview of all the systems your institution utilizes to perform its necessary functions.

Inventory your software

This is the comprehensive overview of the applications your employees use. It includes a definition of the systems’ functions and their role in your institution. Be aware that you will almost always have more systems than you think you have, and completing this step will likely be a collaborative effort between the different departments in place at your institution.

Record the system locations

Are they in-house, or are they cloud-based? Or are they co-located in some form? Knowing where they are located is vital to manage their data and function.

Call out the systems where users are regularly added or removed

From a user access perspective, this is a crucial step. You must have visibility into where cybersecurity risk may increase because your user lists aren’t current.

Know what kind of API exists on the systems

This is another key aspect of your system map. Everywhere digital data flows creates a cybersecurity risk. When data integration with third parties occurs within your systems, you must be aware of it and document it.

Want more information?

This is just the first step on the journey toward simplified and improved user access reviews. We will spend more time in the coming weeks diving further into this tool and how it can improve what is currently an antiquated process which is reliant on legacy systems.

Join us on January 19th to review and discuss this 5-step process more in depth in our “User Access Best Practices: 5 Steps to Enhance User Access Reviews“ webinar.

Or, if you’re frustrated because your institution still follows outdated processes to complete your user access reviews, you should contact Finosec today. We’d love to work alongside you to simplify your user access review process and make them easier than ever!