January 9, 2020

2020 Security & Compliance Check List – WST

Yep, another year has flown by and a new decade is here. Now is a great time to take a close look at your 2020 schedule to make sure the critical elements of your information security & compliance programs are mapped out.

Items you may want to schedule:

  • Policy Review, Updates & Approval (Annually)
  • IT Risk Assessment Update
  • FFIEC Cybersecurity Self-Assessment Tool
  • IT Security Report to the Board (GLBA)
  • Program Training & Testing:
    • End user training;
    • Tabletop exercises;
    • Walk-through exercises; and
    • Partial or full tests of the following:
      • Business Continuity Plan
      • Disaster Recovery Plan
      • Business Impact Analysis
      • Evacuation Plan
      • Pandemic Continuity Plan
      • Incident Response Plan
  • External Security Assessment & Audits
  • External Penetration Test (Expected annually)
  • External Vulnerability Assessment (Expected annually)
  • Social Engineering (Expected annually)
  • Web Compliance (Recommended with ADA regulations)
  • Independent IT Audit (Expected annually)
  • Internal Assessment and Audits
  • User Account Review/Audit
  • User Permission Testing and Audits (Suggested quarterly)
  • Backup File Restoration Testing
  • Power Generator and UPS Testing
  • Firewall Configuration and Rule Review (Expected quarterly)
  • Vendor Management and Due Diligence
  • Information Security Awareness Training (End user and customers)
  • Physical Security Training
  • After-hours Walk-through Security Review of Branches
  • Continuing Education for IT Security and IT Administration
  • BSA/AML Training and Audit (Annually, or at most every 18 months)
  • BSA/AML Model Validation
  • ACH NACHA Audit (Required annually)
  • Lending, Deposit and Administrative Compliance Audits
  • Review and Finalize IT Security Budget
  • VACATION!

Other items that may need attention:

  • Have you remediated all findings from your past audits and examinations?
  • Have all your employees read and signed your institution’s:
    • Acceptable Use Policy;
    • Employee Handbook; and
    • Confidentiality Agreements?
  • Have you reminded your users Social Engineering Testing can occur at any time?
  • Will you attend any technology or compliance seminars, or trade shows this year?
  • Have you visited 10-D Academy lately?

PDF of list – 2020 Security and Compliance Checklist

Link to our IT Security Services: https://10dsecurity.com/10-d-security-services/

Link to our Compliance Service: https://10dsecurity.com/10-d-compliance-services/
