Cybersecurity Trends Examiners May Focus on in 2026
As financial institutions move into 2026, cybersecurity examinations continue to evolve. Regulators are shifting away from purely checklist-based...
1 min read
I recently had the chance to have some lengthy, and very valuable, discussions with a DFI IT Examiner on current areas of focus for them.
Wait... before you roll your eyes: he knew his stuff, with a lot of IT experience and the security certifications to go with it (CISSP & CISA).
He was taking a very operational approach, meaning that he was looking for controls in practice, rather than the wording in policies. He focused on securing the information, rather than just complying with the regulations.
His 5 areas of focus:
- Know your assets and assess the risks (everything starts here)
- Patch your systems
- Test for vulnerabilities - and he was very clear that he likes to see true penetration tests, not just vulnerability scans AND he likes to see internal penetration testing (which we said back in 2016 in this article)
- Encrypt data in transit and at rest - with further focus on encryption of servers and workstations
- Train your users. Train your board members (as they are ultimately and legally responsible)
Obviously, these weren't the only things reviewed in an InTREx exam, but they seem like a great place to start (and they make a great Friday 5!)
vCISO Questions and Answers 14: What do examiners say? What kind of due diligence should we do on a vCISO?
{% video_player "embed_player" overrideable=False, type='scriptV4', hide_playlist=True, viral_sharing=False, embed_button=False, autoplay=False,...
FDIC Implements New IT Examination (InTREx) Program
On July 1, 2016, the Federal Deposit Insurance Corporation (FDIC) implemented the Information Technology Risk Examination (InTREx) Program for...