Remember me

Register  |   Lost password?


Webinar Recap: Top 10 IT Security Audit Gaps – and How to Avoid Them

Tue, 11 Apr 2017 21:00:18 GMT

When it comes to cybersecurity there are many factors that you need to be conscious of. During a recent webinar, speakers from Eze Castle Integration and Wolf & Company shared 10 of the most common cybersecurity gaps identified during an IT audit/risk assessment. We’ve listed the top 10 below and shared some particulars on a few of the most critical (in our opinion). For more detail on how these gaps are presenting themselves – and also best practices for avoiding them – scroll down or click here to listen to the full webinar replay.

Top 10 IT Security Gaps

  1. Risk Management and Governance

  2. IT Asset Management

  3. Vulnerability Assessments

  4. Patch Management

  5. Social Engineering & User Training

  6. Business Continuity Planning

  7. Multi-Factor Authentication

  8. Third Party Vendor Management

  9. User Provisioning and Management

  10. Incident Response Planning/Procedures

Risk Management and Governance

Responsibility and accountability for risk management starts in-house – and at the top. Even for firms that rely on third party outsourced providers, it’s imperative (and often overlooked) to establish governance controls and outline who internally maintains ownership of the firm’s security posture – and more broadly, who owns the firm’s risks.

IT Asset Management

Frequently identified as a shortcoming for firms during the IT audit process, IT asset management and data inventory has become a critical component to security. Best case, a firm should conduct inventory management and data classification of all web based applications, as well as all devices that store company critical information.

Beyond understanding what devices firms have and what data they hold, firms also need to understand how the data is accessed and by whom. Access control policies and procedures and inventory management protocols need to be reviewed continually as employees start/leave/change roles and technology evolves. Annual review cycles are recommended, but for higher-risk systems and applications, firms may want to re-evaluate more often.

Patch Management

Patch Management is widely seen as one of the most critical areas of security for investment management firms. Particularly for firms that leverage a wide array of systems, technologies and applications, it can be a daunting task to keep up with regular patches. That said, it’s essential for firms to employ comprehensive plans for patch management and ensure security flaws are addressed in a timely manner to prevent vulnerabilities from taking form.

Social Engineering & User Training

You’ve heard us say it time and again – users are often a firm’s weakest links when it comes to cybersecurity threat prevention. Particularly when it comes to social engineering tactics growing in sophistication, employee training is critical to protecting your firm’s information and reputation. Threats such as corporate account takeover and business email compromise are real and concerning to investment management firms, and the best way to ensure they do not impact your business is through consistent and comprehensive user training.

Note: We're aware of a few minor audio issues with our webinar recording. Please accept our sincerest apologies. We're working with our platform provider to address these issues for future recordings.

For more information on IT Security and Cyber Best Practices: