FFIEC BankInfoSecurity.com

Ensuring data privacy in compliance with government regulations and consumer protection laws presents a complex set of challenges for financial firms. Coupled with the rising sophistication in security threats, many industries are under regulatory fire in demonstrating accountability and addressing compliance...

In this whitepaper you will get an overview of Access Governance, introducing the concept, the business drivers, and the associated challenges. The paper explains a four-phase approach to achieving Access Governance and explores the capabilities that are required in each phase. Topics covered in the whitepaper...

Organizations of all sizes continue to face ever-stricter regulatory and security requirements to protect their IT assets from unauthorized use. In response, many enterprises have embarked upon Identity and Access Management (IAM) initiatives, only to be disappointed with the cost, speed and effectiveness of their...

The Payment Card Industry Data Security Standard (PCI DSS) applies to every organization that processes credit or debit card information. Complying with PCI requirements is now a normal part of doing business in today's interconnected world. PowerTech security products are designed to help you secure your IBM Power...

Unmistakably, the release of the FFIEC supplement was the result of an increasingly hostile online banking environment created by the introduction of advanced malware. To effectively comply with FFIEC guidelines, financial organizations need to select a solution that is able to provide real-time threat intelligence...

Trusteer has been protecting customers against cybercrime since 2006. Based on our accumulated experience with hundreds of customers and millions of protected endpoints, we have created a framework that includes 7 key requirements for selecting a cybercrime prevention solution. This document highlights: Why...

Malware has become the primary attack tool used by cybercriminals to execute account takeover and initiate fraudulent transactions, and has been able to stay undetected by most security controls implemented by financial institutions. By preventing anomalous transactions generated by malware-infected machines,...

This research study, conducted by Guardian Analytics, was designed to evaluate how financial institutions have responded to the FFIEC guidance supplement issued in June 2011. The results, reflecting the input from more than 300 financial institution executives, show that banks and credit unions have initially...

According to a June 2011 report from the FFIEC: "institutions should no longer consider such basic challenge questions [like mother's maiden name], as a primary control, to be an effective risk mitigation technique." Regulatory bodies recognize the gaps in using Knowledge-based Authentication, or "KBA," as a primary...

Telephonic authentication as we know it today is dying, and enterprises can no longer trust Caller ID or Automatic Number Identification (ANI). Annual total fraud costs U.S. businesses $62 billion - due in part to phone hacking and caller ID spoofing, which are outpacing risk mitigation strategies. Spoofed Caller...