A UNIFIED POLICY FRAMEWORK TO RESTRICT AND CONTROL PRIVILEGED USER ACCESS TO TARGET SYSTEMS

Bank Negara Policy Document On IT Risk Management

Bank Negara, Malaysia in its IT Risk Management policy document very succinctly puts that with the more prevalent use of technology in the provision of financial services, there is a need for financial institutions to strengthen their technology resilience against operational disruptions in order to maintain confidence in the financial system. The growing sophistication of cyber threats also calls for the increased vigilance and capability of financial institutions to respond to emerging threats.

Bank Negara Malaysia policy paper S 10.61 explicitly states that:
(a) access controls to enterprise-wide systems are effectively managed and monitored; and
(b) user activities in critical systems are logged for audit and investigations.

Activity logs must be maintained for at least three years and regularly reviewed in a timely manner

In this paper, ARCON explains how its robust risk control solution ARCON| Privileged Access Management helps financial institutions in addressing some of the toughest challenges emanating from Information Technology.

What is the Bank Negara Policy Document on IT Risk Management?

Bank Negara, Malaysia in its IT Risk Management policy document, calls for the increased vigilance and capability of financial institutions to respond to emerging threats. With the more prevalent use of technology in the provision of financial services, there is a need for financial institutions to strengthen their technology resilience against operational disruptions in order to maintain confidence in the financial system.

How is the Bank Negara Policy Document on IT Risk Management applicable?

The Bank Negara Malaysia policy paper S 10.61 explicitly mandates that access controls to enterprise-wide systems are effectively managed and monitored and user activities in critical systems are logged for audit and investigations. Activity logs must also be maintained for at least three years and regularly reviewed in a timely manner.

Download Product Brochure

How can ARCON | Privileged Access Management help?

ARCON Privileged Access Management offers IT risk management and governance teams the following safeguards:

Granular level control to ensure rule and role based access to critical information

A unified policy framework to restrict and control privileged user access to target systems

Real time monitoring of privileged users including third party activities on databases, network devices, could applications, servers and other business critical applications

Robust password vaulting and randomization to secure privileged credentials

Detailed Audit trails of all privileged tasks happening in the IT ecosystem