Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!
The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.
RSA Conference Asia Pacific and Japan, which wrapped up last week, was a successful reflection of this region's hottest security topics. Here are some of my own observations, as well as feedback from the attendees.
Subscribers and other consumers can more easily read, watch and listen to content produced for the websites of ISMG, as the company unveils a responsive design that enhances the features and functions of multimedia on multiple platforms.
(ISC)² and the Cloud Security Alliance have unveiled a new cloud security professional certification designed to measure advanced competence. Will training for the certification help professionals gain a better understanding of cloud security?
With the rise in awareness of visual security threats and the advent in open plan office environments, protecting data inside the organization is a growing concern, says Ben Rooney, a marketing executive at 3M.
Organizations that want to protect sensitive data first need to know where it is. But outside of military and government realms, few employees know how to manually classify data, or have an incentive to do so, says TITUS CTO Stephane Charbonneau.
What's your digital identity strategy? Numerous agencies in countries across Europe - such as the Italian postal service - are creating new approaches to verifying identities and allowing them to be used as a trusted service, says CA's Paul Briault.
Threat intelligence is increasingly being brought to bear to help businesses apply kill-chain concepts, focusing on disrupting discrete parts of online attacks as early as possible, says Fortinet's Simon Bryden.
The Internet of Things is posing an increased risk to all organizations. One global data center provider, for example, recently discovered that its malware-infected power supplies were part of a botnet, says Chris Richter of Level 3 Communications.
The list of information security threats facing organizations continues to grow longer. But it's up to CIOs to put the right defenses - and priorities - in place, says David White at BAE Systems Applied Intelligence.
EdgeWave's Mike Walls, a former bomber pilot who led Navy red teams, says penetration testing is useful in analyzing bits and bytes but not the readiness of operations under attack from cyberspace. Red teams, he says, can analyze the impact on operations.