Financial Crime World

Institutional Security: Changes Triggered from Employment Termination or Resignation

======================================================

In recent times, a report has highlighted the importance of implementing strong security measures to prevent unauthorized access and protect sensitive data within institutions. The report emphasizes the need for automated de-provisioning driven by human resource systems in cases where employment is terminated or an employee resigns.

Privileged Account Management

Institutions are urged to implement robust controls over privileged system access, limiting and closely supervising staff with elevated entitlements. All privileged accounts and shared accounts should be centrally managed, with passwords changed automatically using a password vault solution. Multi-factor authentication should be used for high-risk systems and sensitive data.

Key Takeaways:

  • Limit and supervise staff with elevated entitlements
  • Centrally manage privileged and shared accounts
  • Use multi-factor authentication for high-risk systems and sensitive data

Monitoring User Accounts and Privileged Accounts

Institutions are advised to implement monitoring of user accounts and privileged accounts to detect any unauthorized access. This can be achieved by incorporating such monitoring into organization-wide security monitoring solutions with security event correlation and alerting capabilities.

Key Takeaways:

  • Monitor user accounts and privileged accounts for unauthorized access
  • Implement organization-wide security monitoring solutions with security event correlation and alerting capabilities

Access Reviews

Regular access reviews should be conducted to identify excessive privileges and obsolete accounts, preventing unauthorized access.

Key Takeaways:

  • Conduct regular access reviews to identify excessive privileges and obsolete accounts
  • Prevent unauthorized access by removing or revoking unnecessary privileges

Physical Access Management

Institutions should implement physical access controls to prevent unauthorized entry or exit points. Sensitive areas should have additional locks or alarms, while physical protection mechanisms should be protected from tampering and actively monitored.

Key Takeaways:

  • Implement physical access controls to prevent unauthorized entry or exit points
  • Use additional locks or alarms in sensitive areas
  • Protect physical protection mechanisms from tampering and actively monitor them

Network Security

Policies and Processes

Institutions should establish relevant policies and processes for network security, covering areas such as:

  • Network access management
  • Protection
  • Configuration management
  • Vulnerability management
  • And more

Key Takeaways:

  • Establish relevant policies and processes for network security
  • Cover all aspects of network security in policy documents

Network Access Management

Proper network access control and strong authentication are essential for critical network assets. Network activities should be properly logged and monitored, with all incoming and outgoing third-party connections set, documented, and regularly reviewed.

Key Takeaways:

  • Implement proper network access control and strong authentication
  • Log and monitor network activities
  • Set and document all incoming and outgoing third-party connections

Network Protection

Networks should be properly protected and segmented, with internal networks segregated into different trust zones to mitigate attacks. Intrusion detection and prevention systems should be adopted and configured to detect and block potential intrusions.

Key Takeaways:

  • Protect and segment networks to prevent unauthorized access
  • Implement intrusion detection and prevention systems

Configuration Management

All changes to the network infrastructure should follow a documented end-to-end change management process and approval. Firewall rules should be adequately configured and administered centrally, while administrative access to network devices should be properly confined and monitored.

Key Takeaways:

  • Implement a documented end-to-end change management process for all network infrastructure changes
  • Configure and administer firewall rules centrally
  • Confine and monitor administrative access to network devices

Vulnerability Management

Periodic reviews should scan the network for security vulnerabilities, with network devices regularly patched and kept up-to-date.

Key Takeaways:

  • Regularly scan the network for security vulnerabilities
  • Patch and keep network devices up-to-date

Anti-virus/Anti-malware

Institutions should adopt anti-virus and anti-malware tools with up-to-date definitions.

Key Takeaways:

  • Implement anti-virus and anti-malware tools
  • Keep tool definitions up-to-date

System Development

SDLC Process

A formal SDLC process should be established, incorporating the principle of secure development and specific checkpoints to assess security risks and identify mitigation strategies.

Key Takeaways:

  • Establish a formal SDLC process for system development
  • Incorporate secure development principles into the process

Secure Coding Practices

Secure coding practices should be established in line with industry standards, considering vulnerabilities identified from vendors, security tools, penetration testing, and vulnerability scanning.

Key Takeaways:

  • Implement secure coding practices in line with industry standards
  • Consider vulnerabilities identified from various sources when developing code

Secure Development Environment

Institutions should consider setting up development environments with similar configurations to production systems, ensuring that all software is developed and tested securely.

Key Takeaways:

  • Set up development environments with similar configurations to production systems
  • Ensure secure development and testing practices are followed