Finding #12

Description *

Priority (1-4) Category 1 Category 2

Formatted Text *

Presence of Legacy Onsite Exchange Server

Severity Level: Priority 1
Category: Infrastructure / Security

Description:
The bank relies on a legacy onsite Exchange Server, which is outdated and lacks modern security features, increasing vulnerability to exploits and misalignment with cloud-based standards.

Impact:

Heightened risk of security breaches due to unpatched vulnerabilities.
Non-compliance with modern IT standards, risking audit penalties.
Limited scalability and integration with contemporary tools.
Potential service disruptions from aging infrastructure.

FFIEC Reference:

FFIEC IT Examination Handbook (November 2016):

"Institutions should adopt modern, secure systems to replace outdated infrastructure." (p. 34)
"Legacy systems increase operational and security risks." (p. 36)

Recommendations:

Migrate to MS365: Transition to Microsoft 365 for enhanced security and scalability.
Train Staff: Provide training on MS365 to ensure smooth adoption.

<h2 style="margin: 0in; font-size: 14pt; font-family: Arial, sans-serif; color: rgb(89, 89, 89); letter-spacing: 0.25pt;">Presence of Legacy Onsite Exchange Server<o:p></o:p></h2>Severity Level: Priority 1 Category: Infrastructure / Security Description: The bank relies on a legacy onsite Exchange Server, which is outdated and lacks modern security features, increasing vulnerability to exploits and misalignment with cloud-based standards. Impact:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Heightened risk of security breaches due to unpatched vulnerabilities.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Non-compliance with modern IT standards, risking audit penalties.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Limited scalability and integration with contemporary tools.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Potential service disruptions from aging infrastructure.<o:p></o:p></li></ul>FFIEC Reference:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">FFIEC IT Examination Handbook (November 2016):<o:p></o:p></li><ul type="circle" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">"Institutions should adopt modern, secure systems to replace outdated infrastructure." (p. 34)<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">"Legacy systems increase operational and security risks." (p. 36) <o:p></o:p></li></ul></ul>Recommendations:<o:p></o:p><ul type="disc" style="margin-bottom: 0in;"><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Migrate to MS365: Transition to Microsoft 365 for enhanced security and scalability.<o:p></o:p></li><li class="MsoNormal" style="margin: 0in; font-size: 12pt; font-family: "Times New Roman", serif;">Train Staff: Provide training on MS365 to ensure smooth adoption.<o:p></o:p></li></ul>

Back to list