January 6th, 2022

2022 Security & Compliance Check List - WST

Where did 2021 go? Happy New Year, all!

It is time to take a close look at your 2022 schedule to make sure the critical elements of your information security and compliance programs are mapped out.

Items you may want to schedule:

  • Information security awareness training (introduction for customers)
  • Policy review, updates, and approval (annually)
  • IT Risk Assessment review and updates
  • FFIEC Cybersecurity Self-Assessment Tool review and updates
  • Ransomware Self-Assessment Tool review and update
  • IT security report to the board (GLBA)
  • Program Training & Testing:
    • End user training;
    • Tabletop exercises;
    • Walk-through exercises; and
    • Partial or full tests of the following:
      • Business Continuity Plan
      • Disaster Recovery Plan
      • Business Impact Analysis
      • Evacuation Plan
      • Pandemic Continuity Plan
      • Incident Response Plan
  • External security assessment and audits
    • External penetration test (expected annually)
    • Vulnerability assessment (internal and external, expected annually)
    • Social engineering testing (expected annually)
    • Web compliance review (recommended with ADA regulations)
    • Independent IT audit (expected annually)
    • ATM Physical Audit (recommended with ADA regulations, some states have lighting & safety requirements)
  • Internal assessment and audits
    • User account review/audit
    • Cloud infrastructure review
    • User permission testing and audits (suggested quarterly)
    • Testing backups
    • Power generator and UPS testing
    • Firewall configuration and rule review (expected quarterly)
    • Vendor management and due diligence
    • Physical security training
    • After-hours walk-through security review of branches
    • FedLine Assurance Audit
  • Continuing education for IT security and IT administration
  • Review and finalize IT security budget
  • BSA/AML & OFAC risk assessment (suggested annually to 18 months)
  • BSA/AML & OFAC training (annually)
  • BSA/AML & OFAC audit (annually to 18 months)
  • BSA/AML model validation (suggested every 24 months, assuming no change in BSA risk)
  • ACH NACHA audit (required annually)
  • Lending, deposit, and administrative compliance audits

Other items that may need attention:

  • Have you remediated all findings from your past audits and examinations?
  • Have all your employees read and signed your institution’s:
    • Acceptable Use Policy;
    • Employee handbook; and
    • Confidentiality agreements?
  • Have you reminded your users that social engineering testing can occur at any time?
  • Will you attend any technology or compliance seminars or trade shows this year?
  • Have you visited 10-D Academy lately? https://10dsecurity.com/#academy

Who knows what will get added to the list in 2022?

Link to our IT Security Services: https://10dsecurity.com/10-D-Security-services.html

Link to our Compliance Service: https://10dsecurity.com/10-D-Compliance-services.html

Authored by: Philip VanMeerhaeghe, CISSP
