Finosec Official Blog

What Auditors and Examiners Expect You to Have Implemented For the Updated FFIEC Authentication Guidance

Zach Duke posted in Cybersecurity, FFIEC, User Access Reporting, preparedness, Risk Assessment, information security, Risk, Risk Review, infosec

0 Comments

The Federal Financial Institutions Examination Council (FFIEC) updated its Authentication Guidance in August 2021, which aims to standardize and enhance security measures for financial institutions. We are seeing a focus on these areas during exams and audits, and understanding these new guidelines is crucial for compliance and risk management.

Read More

Safeguarding Your Assets: Preventing Privilege Creep

Beth Sumner posted in Cybersecurity, system map, self assessment, User Access, User Access Reporting, training, preparedness, Risk Assessment, information security, Risk, Risk Review, infosec

0 Comments

Today, we’re delving into an essential topic that affects both the security and the integrity of your digital assets: privilege creep. In this blog, we’ll explore the potential risks, and provide you with actionable strategies to prevent this sneaky threat from undermining your cybersecurity efforts.

Read More

5 Steps For User Access Review Best Practices

FINOSEC posted in User Access, User Access Reporting, preparedness, Risk Assessment, information security, System Inventory, Risk Review, infosec

0 Comments

User Access Reviews (UAR) are crucial for financial institutions, examiners and auditors are focusing on them, and best practices mandate managing to least privilege.   However, the process can be complicated and time-consuming. This is why it's important to standardize and simplify the process as much as possible. Our User Access Review Best Practices white paper outlines five steps to help you achieve this. 

Read More

FDIC 2022 Risk Review

FINOSEC posted in FDIC, 2022, Risk, Risk Review

0 Comments

Understanding examiner expectations and knowing how to train your team and board on information security is important. You and your team need to know where the risks are and where regulators are focused based on those risks. 

Read More