Managing Core User Access Risk - WST

There is no question the core system is a high-risk adventure for every financial institution. This is why user access reviews have been an important part of managing this risk. The process of performing a core user access review can be a daunting task, especially for a larger institution. Core systems typically do not make this task easy with limited reporting and complex permission schemes. This can all lead to less than stellar user access management.

Some things to consider:

• Consider performing a complete core user access review at least annually. Quarterly or semi-annually can be effective if doing sampling of users - just be sure to capture the entire employee-base through the course of a year.
• Have a documented process that aligns with your core’s permission scheme.
• Make sure permissions granted in core match the duties/job functions outlined in written job descriptions.
• If possible, customize reports to provide usable data.
• If possible, automate components of review process to alleviate burden and mistakes.
• Get a different set of eyes on the process to ensure thoroughness, this could include outsourcing the review.

If you need help with this arduous task, please reach out to 10-D Security and we’ll be happy to provide you a quote

Authored by: Philip VanMeerhaeghe, CISSP, August 12th, 2021