A UNIFIED POLICY FRAMEWORK TO RESTRICT AND CONTROL PRIVILEGED USER ACCESS TO TARGET SYSTEMS

Bank Negara Policy Document On IT Risk Management

Cybersecurity and IT governance have become increasingly important for regulatory compliance. Central banks around the world are demanding explicit IT risk management policies, processes, and procedures to safeguard information assets against rising technology risks emanating from corporate insiders, third parties, and advanced cyber threats. In this context, Identity and Access Management (IAM) will be critical for regulatory compliance. In this paper, ARCON discusses how its robust stack of IAM solutions can enable enterprise information risk management teams to comply with the mandates given by Bank Negara, Malaysia.

What is the Bank Negara Policy Document on IT Risk Management?

Bank Negara, Malaysia, in its IT Risk Management policy document, calls for increased vigilance and capability of financial institutions to respond to emerging threats. With the more prevalent use of technology in the provision of financial services, there is a need for financial institutions to strengthen their technology resilience against operational disruptions in order to maintain confidence in the financial system.

How is the Bank Negara Policy Document on IT Risk Management applicable?

The Bank Negara Malaysia policy paper S 10.61 explicitly mandates that access controls to enterprise-wide systems are effectively managed and monitored, and that user activities in critical systems are logged for audit and investigations. Activity logs must also be maintained for at least three years and regularly reviewed in a timely manner.

How can ARCON | Privileged Access Management help?

ARCON Privileged Access Management offers IT risk management and governance teams the following safeguards:

Granular control to ensure rule- and role-based access to critical information

A unified policy framework to restrict and control privileged user access to target systems

Real-time monitoring of privileged users, including third-party activities, on databases, network devices, cloud applications, servers and other business-critical applications

Robust password vaulting and randomization to secure privileged credentials

Detailed audit trails of all privileged tasks happening in the IT ecosystem