Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!
The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.
It's common for security researchers to be ignored when reporting a software vulnerability. The latest example - vulnerabilities found by Independent Security Evaluators in a router made by China-based Tenda.
The 'work from anywhere' experience has fundamentally changed how we work - and how cyber adversaries leverage email as an attack vector. Daniel McDermott and Gar O'Hara of Mimecast outline a holistic approach that focuses on email defense, awareness and response.
Increasingly, cyber attacks are taking advantage of privileged accounts, and traditional PAM controls are not enough to defend against them. Tim Keeler of Remediant discusses the role of Zero Standing Privilege and just-in-time privileged account defense.
Several prominent business executives and politicians, including Joe Biden, Elon Musk and Bill Gates, had their Twitter accounts hijacked in what appears to be a cryptocurrency scam, according to news reports. Some security experts believe that two-factor authentication protections failed.
"Risk acceptance" was the operative term as organizations quickly deployed remote workforces in response to the global crisis. But now, as this deployment becomes a long-term option, enterprises need to take a future-focused view toward identity, cloud, and the attack surface. Forcepoint's Homayun Yaqub offers tips.
DevSecOps is in its "awkward teenage years," says Matthew Rose of Checkmarx. But with new tooling and automation - particularly application security testing tools - he sees the practice maturing quickly and delivering improved outcomes.
Done right, a zero trust architecture can reduce the complexity of one's environment while also improving cybersecurity protection and efficiency. Bob Reny of ForeScout focuses on three critical considerations: visibility, compliance and control.
This informational webinar will outline 4 actions you can take today to keep employees secure and productive during these challenging times, with tips straight from your identity and access management peers.
Alongside the sad and vast expense of legitimate claims, it is an unfortunate fact that in times of economic hardship, people have a history of taking any opportunity to exploit financial institutions for ill-gotten gain.