Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!
The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.
The Department of Homeland security sees malware provenance - which identifies the attributes of malicious codes - as a way to complement its signature-based Einstein intrusion detection and prevention systems to find malware that infects IT systems.
The FFIEC's Cybersecurity Assessment Tool needs to be redesigned, as the tool's current design sets institutions up for cyber-risk assessment failure. Industry leaders say they're hopeful that change is on the way because the FFIEC is reviewing a second wave of comments about the tool's efficacy.
In response to banking institutions' requests for clarification of the Cybersecurity Assessment Tool, the Federal Financial Institutions Examination Council is taking a preliminary step that could lead to refinements.
The security of Internet-connected toys is in the limelight after toymaker VTech acknowledged suffering a data breach that affects 5 million accounts and personal information and photographs relating to more than 200,000 children.
Ireland's Cyber Crime Conference in Dublin drew a capacity crowd for a full day of security briefings, networking, hotly contested capture-the-flag and secure-coding challenges, as well as a chance to sharpen one's lock-picking skills.
TalkTalk's confusion in the wake of its recent data breach, as well as mangling of technical details and failure to encrypt customer data, demonstrate the importance of having an incident-response plan ready in advance of any breach, experts say.
The FBI is pursuing a suspected Russian hacker who reportedly amassed a trove of 1.2 billion stolen online credentials, plus payment card data and Social Security numbers, and who's offered access to hacked Facebook and Twitter accounts.
Despite near-constant warnings from law enforcement officials and the information security community, too many organizations still aren't taking security seriously, experts warned at the Irish Cyber Crime Conference in Dublin.
Fraudsters break into your network by phishing for access in increasingly sophisticated ways. Anthony Giandomenico of Fortinet describes the importance of tracing every step in the attack lifecycle when devising an effective security strategy.
How do you effectively secure healthcare networks when so many devices access them? Deena Thomchick of Fortinet discusses the unique challenges faced by healthcare leaders required to guard against incursion, both by outside hackers and insiders.
In an age of ubiquitous information sharing, it is critical to control how information is presented - and to whom. Lynne Courts of Seclore discusses new security strategies and solutions that address this need.
BitSight Technologies is out with its annual Industry Benchmark Report, and cybersecurity ratings are low for the energy and utilities industry. BitSight's Mike Woodward shares insights for all sectors.