June 21, 2018
Are you where you need to be? – WST
We are smack dab in the middle of 2018. I always refer to it as the ‘point of no return.’ For our financial institution customers, regulations require you to complete many things each year, but it is easy to push things back and put out the fires that are in front of you. Now is the time to ‘revamp’ the plan you started with in 2018, before 3rd quarter craziness begins.

Think about it – the 4th of July is right around the corner, we’re already in primetime for vacations, and before long it’s back-to-school shopping, soccer starts back up (at least for me), a last hurrah Labor Day weekend, and just as your work schedule is back to normal the 4th quarter is here. And this is just personal matters. Board meetings, staff coverage issues, examiners… I feel queasy just thinking about it…

Do yourself a favor during this last full week of the 2nd quarter. Take a minute to dust off the checklist. Are you where you need to be? Check now, and enjoy your time in the 3rd quarter’s sun, knowing you’re on track with a plan to get everything completed by year’s end. If you need additional information on any items, just check the appropriate box(es), hit reply, and I’ll send it over. I’ll be here all next week if you need something, but then I’m off to the beach 😉
2018 Security & Compliance Check List
☐ Policy Review, Updates & Approval (All policies should be done annually)
☐ IT Risk Assessment Update
☐ IT Security Report to the Board (GLBA)
☐ Program Training & Testing to include end user training, tabletop exercises, walk-through, and partial or full tests of the following:
☐ Business Continuity Plan
☐ Disaster Recovery Plan
☐ Business Impact Analysis
☐ Evacuation Plan
☐ Pandemic Continuity Plan
☐ Incident Response Plan
☐ External Security Assessment & Audits
☐ External Penetration Test (Required Annually)
☐ External Vulnerability Assessment (Required Annually)
☐ Social Engineering (Examiner Suggested Annually)
☐ Web Compliance (Recommended with upcoming ADA regulations)
☐ Independent IT Audit (Required Annually)
☐ Internal Assessment and Audits
☐ User account review/audit
☐ User permission testing and audits (Suggested Quarterly)
☐ Backup file Restoration testing
☐ Power Generator and UPS Testing
☐ Firewall Configuration and Rule Review (Required Quarterly)
☐ Vendor Management and Due Diligence
☐ Information Security Awareness Training (End user and Customers)
☐ Physical Security Training
☐ After-hours walk-through security review of branches
☐ Continuing Education for IT Security and IT Administration
☐ BSA/AML Training and Audit
☐ BSA/AML Model Validation
☐ ACH NACHA Audit
☐ Review and Finalize IT Security Budget
Other items that may need attention:
☐ Have you finished all your remediation efforts for findings from your past audits and examinations?
☐ Have all your employees read and signed your Acceptable Use Policy, Employee Handbook, and Confidentiality Agreements?
☐ Have you reminded your users that you may perform Social Engineering Testing at any time?
☐ Will you attend any technology or compliance seminars or trade shows this year?
☐ Is your institution ready for InTREx?
☐ How is your ongoing management of the FFIEC Cybersecurity Self-Assessment Tool going?