Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

Nathan Hunstad, Code42

The Unspoken Insider Threat

Information Security Media Group • October 9, 2019

When it comes to identifying and stopping malicious and even accidental insider threats, organizations are often overlooking a significant gap. Nathan Hunstad of Code42 discusses how to plug this costly leak.

Security Operations

Log Management and Graylog Alerts- Keeping Track of Events In Real Time

3rd Party Risk Management

Security Leaders Share Secret Sauce for Success with Digital Transformation

Governance

OnDemand Webinar | Post-GDPR and CCPA: What Must Security Leaders Know about Privacy?

Governance

Sorting Through 'Zero Trust' Misconceptions

Latest

Active Defense & Deception

Operation Soft Cell

Cybereason • August 23, 2019

In 2018, the Cybereason Research team identified a series of attacks targeting telecommunications companies. These attacks shared the same TTPs and consisted of a webshell execution followed by the deployment of Poison Ivy, a well-known RAT attributed to Chinese APT groups.

Account Takeover

Credential Stuffing Attacks vs. Brute Force Attacks

Mike Greene • August 19, 2019

To explore how credential stuffing attacks and brute force attacks differ, we need to understand what they are and how they operate. Here is a quick summary.

Cloud Access Security Brokers (CASB)

Cloud Security Solutions for Government: Recorded at AWS Public Sector Summit

Information Security Media Group • July 31, 2019

FireEye and AWS hosted a Cloud Security Breakfast Briefing summer of 2019. During this briefing Stephen Alexander, AWS National Security Senior Solutions Architect and FireEye's Martin Holste, Cloud Security CTO, and Tim Appleby, Director of Federal Programs, addressed how organizations can achieve the security needed...

Cybercrime

Code Triage: Why Healthcare is Facing More Cyber Attacks and How to Protect Your Organization

Information Security Media Group • July 31, 2019

Healthcare organizations face a number of unique security concerns, including the increasingly interconnected systems between doctors' offices, hospitals, insurance companies and suppliers.

Governance

Tackling the IAM Modernization Journey: Insights from CISO Sam Massiello

Ping Identity • July 31, 2019

Gates Corporation CISO Sam Masiello on how they brought their vision of a global authentication authority to life with advisory, configuration, deployment, and employee training.

Network Firewalls, Network Access Control

Spotlight on Zero Trust Network Access

Information Security Media Group • July 30, 2019

The promise of cloud and mobility is to provide access to key services quickly and from anywhere at any time from any device. Zscaler's Lisa Lorenzin opens up on zero trust network access technologies, which provide a secure alternative to legacy methods.

Account Takeover

Eliminating the Burden of Periodic Password Reset for Active Directory

Mike Wilson • July 29, 2019

Most organizations are now actively moving to password policies that don't expire.

Governance

OnDemand Webinar | Integrating Information Risk Management into Business Risk Management

Information Security Media Group • July 26, 2019

This webinar explores communication challenges around information security, the typical journey organizations are taking to bring information risk management into the broader umbrella of business risk management, and the advantages accruing to organizations as they mature their information risk management programs.

Application Security

Secure the Core | Creating Resilient Business Applications

Onapsis • July 26, 2019

Did you know that public exploits for business applications have increased 100 percent since 2015? Today, over 77 percent of the world's transactional revenue touches an ERP system, making these applications an attractive target for cyber criminals looking to profit from the highly-sensitive and regulated data that...

Governance

Mitigating the Security Skills Crisis

Information Security Media Group • July 24, 2019

Security leaders for a decade now have been discussing the profession's growing skills gap. But what is its true business impact, and what are some near- and long-term strategies to mitigate it? FireEye's Gareth Maclachlan shares insight.

Fraud Management & Cybercrime

Security as a Catalyst for Digital Transformation

Information Security Media Group • July 24, 2019

Digital transformation: It's the present and future of business, as enterprises adapt to work at the speed and convenience of new demands. But amidst this transformation, how can security leaders avoid being obstacles and actually become catalysts for change? Alex Teteris of Zscaler shares insight.

3rd Party Risk Management

Rethinking Supply Chain Security

Information Security Media Group • July 23, 2019

When it comes to supply chain risk, many organizations overlook how dependent they are on those critical relationships, says Matt Kraning of Expanse. As a result, they are minimizing serious security vulnerabilities. Kraning offers insights on rethinking that dynamic.