Pub. 3 2023 Issue 1

4. Secure Configuration of Enterprise Assets & Software

It is crucial to implement a solid program for software and operating system patching, to establish written policies for "hardening" new servers, workstations, and network devices, and to regularly review those policies to ensure they are applied on all devices.

5. Account Management

For added cybersecurity, ensure that only authorized users have access to your data and systems. This is not just for Windows login; it includes logins to core systems, email, and any hosted or internet-based accounts that potentially house confidential data. It is also good practice to establish separate admin accounts for admin tasks. This way, if an attacker gains access to a user's everyday account, that account does not carry admin rights, and a compromised admin account does not double as the account used for routine data access.

6. Access Control Management

This control helps your bank manage and monitor user access to data and systems. This includes ensuring that only authorized users have access to sensitive data, that all access is logged, and that privileged users are properly supervised.

7. Continuous Vulnerability Management

This control helps you identify and remediate vulnerabilities in your systems and software. This includes patching software and operating systems, using security scanning tools, and conducting regular penetration tests.

How to Incorporate CIS Controls

To help your bank incorporate these controls, look for an IT company that specializes in IT security and compliance for banks and that is also able to manage and automate many of the tasks associated with each of the CIS controls. More information about the Center for Internet Security can be found at www.cisecurity.org/controls. ■

Mike Gilmore (info@resultstechnology.com) is the Chief Compliance Officer and a Certified Information Systems Auditor (CISA) with more than 30 years' experience in the banking industry. In his role as COO, Mike provides compliance and risk assessments, audit and exam support, and policy documentation.

2023 Issue 1 | 21
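The account-management and access-control points above (separate admin accounts, logged and supervised privileged access) can be turned into a repeatable check. The script below is an added example, not code from the article or from any CIS tool: it audits a constructed list of accounts and logon events and reports privileged accounts used for everyday work, privileged accounts with no named owner, and privileged logons that never reached the log collector. The account names, the service labels, and the logon record format are all assumptions chosen for illustration.

```python
"""Added example (not from the article): audit constructed account records and
logon events against two of the controls described in the text.
 - CIS 5: admin work is done from separate admin accounts, so an everyday
   account that is compromised carries no admin rights.
 - CIS 6: every privileged account has a named owner and every privileged
   logon is recorded, so privileged users can actually be supervised.
All names, fields and the event layout below are assumptions for illustration."""
from dataclasses import dataclass, field


@dataclass
class Account:
    name: str
    owner: str              # human responsible for the account ("" = nobody)
    privileged: bool        # holds admin rights somewhere
    used_for: set = field(default_factory=set)  # services the account signs in to


# Constructed sample accounts (assumed, not real).
ACCOUNTS = [
    Account("jdoe", "J. Doe", privileged=False, used_for={"email", "workstation"}),
    Account("jdoe-adm", "J. Doe", privileged=True, used_for={"domain-controller"}),
    Account("asmith", "A. Smith", privileged=True,
            used_for={"email", "workstation", "core-banking"}),
    Account("svc-backup", "", privileged=True, used_for={"file-server"}),
]

# Constructed logon events: (account, system, whether the SIEM received the event).
LOGONS = [
    ("jdoe-adm", "domain-controller", True),
    ("asmith", "core-banking", False),
    ("svc-backup", "file-server", True),
]

# Services that should only ever be reached from a non-privileged account.
EVERYDAY_SERVICES = {"email", "workstation", "web"}


def find_shared_admin_use(accounts):
    """CIS 5 check: privileged accounts that are also used for everyday tasks."""
    return sorted(a.name for a in accounts
                  if a.privileged and a.used_for & EVERYDAY_SERVICES)


def find_unattributed_privileged(accounts):
    """CIS 6 check: privileged accounts nobody is accountable for."""
    return sorted(a.name for a in accounts if a.privileged and not a.owner)


def find_unlogged_privileged_logons(accounts, logons):
    """CIS 6 check: privileged logons that did not reach the log collector."""
    privileged = {a.name for a in accounts if a.privileged}
    return [(acct, system) for acct, system, logged in logons
            if acct in privileged and not logged]


def audit(accounts=ACCOUNTS, logons=LOGONS):
    """Run all checks and return the findings keyed by check name."""
    return {
        "admin_used_for_daily_work": find_shared_admin_use(accounts),
        "privileged_without_owner": find_unattributed_privileged(accounts),
        "unlogged_privileged_logons": find_unlogged_privileged_logons(accounts, logons),
    }


if __name__ == "__main__":
    for finding, items in audit().items():
        print(f"{finding}: {items}")
```

On the sample data the audit flags `asmith` (an admin account also used for email and the workstation), `svc-backup` (privileged but with no owner to supervise it), and one privileged logon to the core-banking system that the SIEM never saw. In practice the account list would come from the directory and the logon events from the log collector; the checks themselves do not change.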
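The patching and hardening controls (4 and 7) are usually written as a policy with numbers in it: how many days a patch of a given severity may stay uninstalled, and which settings a newly built server or workstation must have. The following added example, not taken from the article or from CIS, checks a constructed asset inventory against such a policy and reports overdue patches and baseline deviations. The SLA days, the baseline settings, the host names, and the patch identifiers are all assumptions chosen for illustration.

```python
"""Added example (not from the article): compare a constructed asset inventory
with a written patching SLA and a hardening baseline, as the text's controls 4
(secure configuration) and 7 (continuous vulnerability management) call for.
The policy values and the inventory records are assumptions for illustration."""
from datetime import date, timedelta

# Assumed policy: days allowed between a patch's release and its installation.
PATCH_SLA_DAYS = {"critical": 7, "high": 14, "medium": 30, "low": 90}

# Assumed hardening baseline for new builds: setting -> required value.
HARDENING_BASELINE = {
    "smbv1_enabled": False,
    "disk_encryption": True,
    "local_admin_password_unique": True,
    "screen_lock_minutes": 15,
}

# Constructed inventory (assumed hosts, patch ids and dates, not real ones).
ASSETS = [
    {"host": "fs01",
     "pending": [{"id": "P-1", "severity": "critical", "released": date(2023, 1, 2)}],
     "settings": {"smbv1_enabled": False, "disk_encryption": True,
                  "local_admin_password_unique": True, "screen_lock_minutes": 15}},
    {"host": "ws-teller-07",
     "pending": [{"id": "P-2", "severity": "medium", "released": date(2023, 1, 10)}],
     "settings": {"smbv1_enabled": True, "disk_encryption": True,
                  "local_admin_password_unique": False, "screen_lock_minutes": 60}},
]


def overdue_patches(assets, today):
    """Pending patches older than the SLA for their severity.

    Returns (host, patch id, days past deadline) for each overdue patch."""
    found = []
    for asset in assets:
        for patch in asset["pending"]:
            deadline = patch["released"] + timedelta(days=PATCH_SLA_DAYS[patch["severity"]])
            if today > deadline:
                found.append((asset["host"], patch["id"], (today - deadline).days))
    return found


def baseline_deviations(assets):
    """Settings that do not exactly match the written hardening baseline.

    Returns (host, setting, actual value, required value) per deviation;
    a setting missing from the asset record counts as a deviation too."""
    found = []
    for asset in assets:
        for setting, required in HARDENING_BASELINE.items():
            actual = asset["settings"].get(setting)
            if actual != required:
                found.append((asset["host"], setting, actual, required))
    return found


if __name__ == "__main__":
    today = date(2023, 1, 20)  # fixed date so the sample output is reproducible
    for host, patch_id, days in overdue_patches(ASSETS, today):
        print(f"OVERDUE  {host}: {patch_id} is {days} day(s) past its SLA")
    for host, setting, actual, required in baseline_deviations(ASSETS):
        print(f"DEVIATION {host}: {setting}={actual!r}, baseline requires {required!r}")
```

With the sample date of 20 January 2023 the critical patch on `fs01` is 11 days past its 7-day deadline, while the medium patch on the teller workstation is still within its 30-day window; the workstation, however, deviates from the baseline on three settings. Feeding the script real scanner output and the real policy dates is what turns a one-time review into the continuous check the control asks for.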
