2 min read
Control Assessments Vs. Risk Assessments
When we first start working with new institutions, it is not unusual for us to see them struggling because they have focused their efforts on...
Controls
2 min read
Artificial Intelligence–How will it be regulated
Institutions are looking at services using Artificial Intelligence (AI), such as loan decisioning, resume review, and process automation. Using these...
2 min read
Business Email Compromise: Attacks Immune to Multi-Factor Authentication
They’ve come back around…those business email compromises, which were all too common in the late 2010s.
3 min read
5 Steps to Utilizing Key Controls
Recently we’ve received a number of requests for “Key Controls” from auditors or examiners for the financial institutions we work with. Fortunately,...
2 min read
Blocking Outbound Communications
All organizations have (or should have) a firewall that blocks unexpected communications from the Internet to internal network hosts. But what about...
1 min read
Three Options to Implement Phish Resistant Multi-Factor Authentication
Since the pandemic and the rise of work at home, we have become very familiar with Multi-Factor Authentication (MFA). Typically, this is implemented...
2 min read
The FDIC InTREX Gets Audited
While the FFIEC has released three major guidance updates since July 2019, the FDIC has not updated its examination program to include the newer...
1 min read
The What, Why, and How of Complementary User Entity Controls
Reviewing Complementary User Entity Controls (CUECs) is an important part of any financial institution’s third-party management program. However, we...
3 min read
Discussions Triggered from the LastPass Breach
Over the past month, many have written about the latest LastPass breach. If you have not kept up with the breach, you can see the disclosure from...
1 min read
Effective User Access Reviews
What exactly is a user access review? In its simplest form, this review is a process that certifies that users’ (including vendors’) access within...