Pub 12 2023 Issue 1

regularly reviewing and removing unauthorized software, and preventing the installation of unauthorized software.

3. Data Protection
This control helps you protect your data from unauthorized access and loss. It includes ensuring that sensitive data is encrypted, both at rest and in transit, and it also means learning where data is stored and how it travels.

4. Secure Configuration of Enterprise Assets & Software
It is crucial to implement a solid program for software and operating system patching, to establish written policies for “hardening” new servers, workstations, and network devices, and to regularly review those policies to ensure they are applied on all devices.

5. Account Management
For added cybersecurity, ensure that only authorized users have access to your data and systems. This is not just for Windows login; it includes logins to core systems, email, and any hosted or internet-based accounts that potentially house confidential data. It is also good practice to establish separate admin accounts that are used only for admin tasks. This way, if an attacker compromises an everyday account (the one used for email and browsing), they do not get administrative privileges along with it, and the admin account itself is exposed to far fewer attack paths.

6. Access Control Management
This control helps your bank manage and monitor user access to data and systems. This includes ensuring that only authorized users have access to sensitive data, that all access is logged, and that privileged users are properly supervised.

7. Continuous Vulnerability Management
This control helps you identify and remediate vulnerabilities in your systems and software. This includes patching software and operating systems, using security scanning tools, and conducting regular penetration tests.

How to Incorporate CIS Controls
To help your bank incorporate these controls, look for an IT company that specializes in IT security and compliance for banks and is also able to manage and automate many of the tasks associated with each of the CIS controls.
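Controls 5 and 6 above boil down to a few checkable rules: admin rights belong only on dedicated admin accounts, every privileged account has a named owner, and privileged access is reviewed on a schedule. The script below is an added example written for this page, not code from the article or from any vendor it mentions. It runs those rules over a small constructed account inventory; the admin group names and the account fields (mailbox flag, owner, days since last review) are assumptions standing in for whatever your directory export actually provides.

```python
from dataclasses import dataclass

# Groups that grant administrative rights. These names are assumptions for
# the example; replace them with the privileged groups in your own directory.
ADMIN_GROUPS = frozenset({"Domain Admins", "Server Administrators", "Core Banking Admins"})


@dataclass(frozen=True)
class Account:
    name: str
    groups: frozenset       # directory group memberships
    has_mailbox: bool       # True for accounts used for email and daily work
    owner: str              # person accountable for the account ("" if unknown)
    last_review_days: int   # days since the last access review of this account


def is_privileged(acct: Account) -> bool:
    """An account is privileged if it belongs to any admin group."""
    return bool(acct.groups & ADMIN_GROUPS)


def review_accounts(accounts, max_review_age_days: int = 90):
    """Return (account name, finding) pairs for each deviation from the
    control points: admin rights only on dedicated admin accounts, a named
    owner for every privileged account, and a recent access review."""
    findings = []
    for acct in accounts:
        if not is_privileged(acct):
            continue  # non-privileged accounts are out of scope for these checks
        if acct.has_mailbox:
            findings.append((acct.name,
                             "admin rights on a daily-use account (has a mailbox); "
                             "move them to a dedicated admin account"))
        if not acct.owner:
            findings.append((acct.name, "privileged account has no named owner"))
        if acct.last_review_days > max_review_age_days:
            findings.append((acct.name,
                             f"privileged access not reviewed for {acct.last_review_days} days"))
    return findings


# Constructed sample inventory for the example (not real data).
SAMPLE_ACCOUNTS = [
    # Daily-use account with no admin rights: fine.
    Account("jsmith", frozenset({"Domain Users"}), True, "J. Smith", 30),
    # Same person's dedicated admin account, no mailbox: the intended pattern.
    Account("jsmith-adm", frozenset({"Domain Users", "Domain Admins"}), False, "J. Smith", 30),
    # Admin rights on a mailbox-enabled account, and overdue for review.
    Account("mlee", frozenset({"Domain Users", "Server Administrators"}), True, "M. Lee", 120),
    # Shared service account with admin rights and nobody accountable for it.
    Account("svc-corebank", frozenset({"Core Banking Admins"}), False, "", 10),
]

if __name__ == "__main__":
    for name, finding in review_accounts(SAMPLE_ACCOUNTS):
        print(f"{name}: {finding}")
```

In practice the inventory would come from a directory export rather than a hard-coded list, and the findings would feed the periodic access review that control 6 asks you to keep a record of; the rules themselves stay the same.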
More information about the Center for Internet Security can be found at www.cisecurity.org/controls.

Mike Gilmore (info@resultstechnology.com) is the Chief Compliance Officer and a Certified Information Systems Auditor (CISA) with more than 30 years of experience in the banking industry. In that role, Mike provides compliance and risk assessments, audit and exam support, and policy documentation.

For a better financial services cybersecurity strategy, you need to know how your network works and be aware of any changes that might invalidate the controls you have put in place.
