A DFI IT Examiner's 5 Areas of Focus

I recently had the chance to have some lengthy, and very valuable, discussions with a DFI IT Examiner on current areas of focus for them.

Wait... before you roll your eyes: he knew his stuff, with a lot of IT experience and the security certifications to go with it (CISSP and CISA).

He took a very operational approach, meaning that he looked for controls in practice rather than the wording in policies. He focused on securing the information, not just on complying with the regulations.

His 5 areas of focus:

  1. Know your assets and assess the risks (everything starts here)
  2. Patch your systems
  3. Test for vulnerabilities - and he was very clear that he likes to see true penetration tests, not just vulnerability scans, and that he likes to see internal penetration testing as well (which we said back in 2016 in this article)
  4. Encrypt data in transit and at rest - with further focus on encryption of servers and workstations
  5. Train your users. Train your board members (as they are ultimately and legally responsible)

Obviously, these weren't the only things reviewed in an InTREx exam, but they seem like a great place to start (and they make a great Friday 5!).
