	Description	Priority	Categories	Remove
No findings selected.

Description	Priority	Categories
Lack of Ransomware and Threat Protection Alerts in Backup System	1	Cybersecurity, Business Continuity
Lack of Endpoint Detection and Response (EDR), Behavioral Analysis, Malware, or Ransomware Detection	1	Cybersecurity, IT Security
Lack of Mobile Device Management	1
Presence of Legacy Onsite Exchange Server	1	Infrastructure, IT Security
Running Unsupported / Unlicensed VMware with No Access to Security Patches	1	Infrastructure, Compliance
Microsoft 365 Default Settings and Lack of Hardening	1	Cybersecurity, Compliance
Lack of MS365 Cloud Security (e.g., Huntress ITDR)	1	Cybersecurity, Compliance
Lack of Microsoft 365 Backup	1	Cybersecurity, Business Continuity
Lack of Multifactor Authentication on VPN	1	Cybersecurity, Compliance
Absence of Hardware and Software Lifecycle Management	1	Asset Management
Establish a Hardware Lifecycle Replacement Policy	1	Asset Management
Absence of Formal IT Committee	2	Governance, Risk Management
Lack of Comprehensive Network Infrastructure Documentation	2	Infrastructure, Compliance
Enhance Cybersecurity Training Platform	2	IT Security, Knowledge Management
Lack of Bank Involvement in Annual DR Testing	2	Compliance, Business Continuity
Bank Management can benefit from Access to RMM Tools	2	Operations, Operational Efficiency
Network Segmentation Gaps	2	IT Security, Infrastructure
ATMs Not Segmented	2	IT Security, Infrastructure
Email DomainKeys Identified Mail (DKIM) Security Failing Validation	2	IT Security, Communication
Email Domain-based Message Authentication, Reporting, and Conformance (DMARC) Failing Validation	2	IT Security, Operations
Absence of an Executive IT Health Reports	2
Implement a Robust Remote Monitoring and Management (RMM) Solution	2	IT Management, Operational Efficiency
Implement a Robust IT Documentation System	2	IT Management, Knowledge Management
Lack of Change Control and Issue Tracking	3	Governance, Compliance
Lack of Formal Enterprise Ticketing System	3	Operations, Operational Efficiency
Absence of Monthly Vulnerability Scanning and Remediation	3	IT Security, Vulnerability Management

Lack of Ransomware and Threat Protection Alerts in Backup System

1

Cybersecurity, Business Continuity

Lack of Endpoint Detection and Response (EDR), Behavioral Analysis, Malware, or Ransomware Detection

1

Cybersecurity, IT Security

Lack of Mobile Device Management

1

Presence of Legacy Onsite Exchange Server

1

Infrastructure, IT Security

Running Unsupported / Unlicensed VMware with No Access to Security Patches

1

Infrastructure, Compliance

Microsoft 365 Default Settings and Lack of Hardening

1

Cybersecurity, Compliance

Lack of MS365 Cloud Security (e.g., Huntress ITDR)

1

Cybersecurity, Compliance

Lack of Microsoft 365 Backup

1

Cybersecurity, Business Continuity

Lack of Multifactor Authentication on VPN

1

Cybersecurity, Compliance

Absence of Hardware and Software Lifecycle Management

1

Asset Management

Establish a Hardware Lifecycle Replacement Policy

1

Asset Management

Absence of Formal IT Committee

2

Governance, Risk Management

Lack of Comprehensive Network Infrastructure Documentation

2

Infrastructure, Compliance

Enhance Cybersecurity Training Platform

2

IT Security, Knowledge Management

Lack of Bank Involvement in Annual DR Testing

2

Compliance, Business Continuity

Bank Management can benefit from Access to RMM Tools

2

Operations, Operational Efficiency

Network Segmentation Gaps

2

IT Security, Infrastructure

ATMs Not Segmented

2

IT Security, Infrastructure

Email DomainKeys Identified Mail (DKIM) Security Failing Validation

2

IT Security, Communication

Email Domain-based Message Authentication, Reporting, and Conformance (DMARC) Failing Validation

2

IT Security, Operations

Absence of an Executive IT Health Reports

2

Implement a Robust Remote Monitoring and Management (RMM) Solution

2

IT Management, Operational Efficiency

Implement a Robust IT Documentation System

2

IT Management, Knowledge Management

Lack of Change Control and Issue Tracking

3

Governance, Compliance

Lack of Formal Enterprise Ticketing System

3

Operations, Operational Efficiency

Absence of Monthly Vulnerability Scanning and Remediation

3

IT Security, Vulnerability Management

Audit Report (New)