The Bedel Security Blog

Information security expertise exclusively for you.

Sign Up Today

Access & Authentication (2)

2 min read

The FDIC InTREX Gets Audited

Brian Petzold: Feb 10, 2023

While the FFIEC has released three major guidance updates since July 2019, the FDIC has not updated its examination program to include the newer...

Policy Controls Governance FFIEC Access & Authentication Audit Exam GLBA
Read More

1 min read

The What, Why, and How of Complementary User Entity Controls

Trisha Durkin: Jan 13, 2023

Reviewing Complementary User Entity Controls (CUECs) is an important part of any financial institution’s third-party management program. However, we...

Controls Access Access & Authentication 3rd party Third-Party Passwords Access Reviews
Read More

3 min read

Discussions Triggered from the LastPass Breach

Brian Petzold: Jan 6, 2023

Over the past month, many have written about the latest LastPass breach. If you have not kept up with the breach, you can see the disclosure from...

Risk Threats Controls Cloud Access MFA Access & Authentication Passwords
Read More

2 min read

Self-Assessing Authentication & Access Risk

Brian Petzold: Nov 4, 2022

A little over a year ago, banking regulators released the “Authentication and Access to Financial Institution Services and Systems” guidance. Since...

Threats Information Security Program Regulation Risk Assessment CISO Services vCISO Virtual CISO Banks Credit Unions FFIEC Access Access & Authentication CISO as a service Audit 3rd party Third-Party Passwords Access Reviews
Read More

1 min read

Effective User Access Reviews

Vance Monical: Oct 28, 2022

What exactly is a user access review? In its simplest form, this review is a process that certifies that users’ (including vendors’) access within...

CISO Information Security Program Controls CISO Services vCISO Virtual CISO Outsourced CISO In-house CISO Banks Access Access & Authentication CISO as a service Audit IT 3rd party Access Reviews
Read More

3 min read

What Is A Strong Password in 2022?

Brian Petzold: Sep 2, 2022

Risk Threats CISO Information Security Program Regulation Controls CISO Services vCISO Virtual CISO Outsourced CISO MFA In-house CISO Banks Board of Directors Access & Authentication CISO as a service Exam Passwords
Read More

2 min read

Where Does Managing Aggregator Risk Belong?

Brian Petzold: Aug 5, 2022

A little over a year ago, bank regulators published new proposed guidance on managing third-party risk. One of the more controversial topics in this...

Risk CISO Risk Assessment CISO Services vCISO Virtual CISO Outsourced CISO In-house CISO Banks Credit Unions Access & Authentication CISO as a service
Read More

2 min read

What You Can do About the Okta Compromise

Stephanie Goetz: Mar 25, 2022

News this week brought us word of something very disappointing, a breach in a large player in the identity services company, Okta. If I’m being 100%...

Risk Threats Vulnerability and Patch Management CISO Information Security Program Regulation Controls CISO Services vCISO Virtual CISO Outsourced CISO MFA In-house CISO Banks Credit Unions Access & Authentication
Read More

2 min read

Is Your Risk Assessment Authentication & Access Ready?

Brian Petzold: Jan 21, 2022

In August, the FFIEC released new guidance titled “Authentication and Access to Financial Institution Services and Systems”. Because the guidance...

Risk Threats CISO Information Security Program CySPOT Regulation Controls Risk Assessment CISO Services Virtual CISO Outsourced CISO MFA In-house CISO Banks Credit Unions FFIEC Access Access & Authentication
Read More
Prev 1 2