User Access Review Best Practices: Step 1 – Building the Foundation

By Finosec

January 5, 2023

Let’s acknowledge a few things at the start.

  1. User access reviews (UAR) are important, and increasingly so.
  2. Examiners expect you to complete them regularly.
  3. They’re a crucial element of your overall cybersecurity program.
  4. They’re complicated and they take time.

Finosec team members have felt the pain of that last point, and set out to create a solution that would alleviate just that. We have developed a custom application with a tested and proven approach to the overall UAR process. We have completed over 11 million permission reviews, saving financial institutions time, effort, and money. We can come alongside you to help reduce the complexity of the process, save you time, and help you devote fewer resources to completing the task.

The Finosec process involves five steps for better user access reviews. These steps are an excellent way to simplify what can often be perceived as an overwhelmingly complex topic. We will spend this time reviewing the first step in utilizing this user access tool.

Step one: Create a system map

This is where you document the systems, functions, and processes you have in place. You identify the “crown jewels” of your institution as well as who is responsible for each one. This information lays the foundation to help you perform better user access reviews. In a sense, it’s an organized overview of all the systems your institution utilizes to perform its necessary functions.

Inventory your software

This is the comprehensive overview of the applications your employees use. It includes a definition of each system’s function and its role in your institution. Be aware that you will almost always have more systems than you think you have, and completing this step will likely be a collaborative effort across the departments at your institution.

Record the system locations

Are they in-house, or are they cloud-based? Or are they co-located in some form? Knowing where they are located is vital to managing their data and function.

Call out the systems where users are regularly added or removed

From a user access perspective, this is a crucial step. You must have visibility into where cybersecurity risk may increase because your user lists aren’t current.

Know what kind of API exists on the systems

This is another key aspect of your system map. Every place digital data flows creates a cybersecurity risk. When data integration with third parties occurs within your systems, you must be aware of it and document it.

Want more information?

This is just the first step on the journey toward simplified and improved user access reviews. We will spend more time in the coming weeks diving further into this tool and how it can improve what is currently an antiquated process that relies on legacy systems.

Join us on January 19th to review and discuss this 5-step process more in depth in our User Access Best Practices: 5 Steps to Enhance User Access Reviews webinar.

Or, if you’re frustrated because your institution still follows outdated processes to complete your user access reviews, you should contact Finosec today. We’d love to work alongside you to simplify your user access review process and make your reviews easier than ever!
