Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

Operation Soft Cell

Cybereason • August 23, 2019

In 2018, the Cybereason Research team identified a series of attacks targeting telecommunications companies. These attacks shared the same TTPs and consisted of a webshell execution followed by the deployment of Poison Ivy, a well-known RAT attributed to Chinese APT groups.

Account Takeover

Credential Stuffing Attacks vs. Brute Force Attacks

Cloud Access Security Brokers (CASB)

Cloud Security Solutions for Government: Recorded at AWS Public Sector Summit

Cybercrime

Code Triage: Why Healthcare is Facing More Cyber Attacks and How to Protect Your Organization

Governance

OnDemand Webinar | Integrating Information Risk Management into Business Risk Management

Latest

Breach Notification

Identity as a Game-Changing Breach Defense

Information Security Media Group • June 25, 2019

Often in breach response, security professionals focus on the technical aspects of the attack. Yet, the non-technical aspects are often more insidious, says Teju Shyamsundar of Okta. And Identity can be a powerful tool to bolster defenses.

Application Security

Secure the Core | Creating Resilient Business Applications

Onapsis • July 26, 2019

Did you know that public exploits for business applications have increased 100 percent since 2015? Today, over 77 percent of the world's transactional revenue touches an ERP system, making these applications an attractive target for cyber criminals looking to profit from the highly-sensitive and regulated data that...

Governance

Mitigating the Security Skills Crisis

Information Security Media Group • July 24, 2019

Security leaders for a decade now have been discussing the profession's growing skills gap. But what is its true business impact, and what are some near- and long-term strategies to mitigate it? FireEye's Gareth Maclachlan shares insight.

Fraud Management & Cybercrime

Security as a Catalyst for Digital Transformation

Information Security Media Group • July 24, 2019

Digital transformation: It's the present and future of business, as enterprises adapt to work at the speed and convenience of new demands. But amidst this transformation, how can security leaders avoid being obstacles and actually become catalysts for change? Alex Teteris of Zscaler shares insight.

3rd Party Risk Management

Re-Thinking Supply Chain Security

Information Security Media Group • July 23, 2019

When it comes to supply chain risk, many organizations overlook how dependent they are on those critical relationships, says Matt Kraning of Expanse. As a result, they are minimizing serious security vulnerabilities. Kraning offers insights on re-thinking that dynamic.

Account Takeover

Strong Authentication vs. User Experience

Kristen Ranta Haikal Wilson • July 22, 2019

It is a simple fact that strong authentication will impact user experience and effectiveness.

Identity & Access Management

The Vision for Omnichannel Authentication

Information Security Media Group • July 21, 2019

Enterprises today have many digital ways of interacting with their customers - and therefore just as many ways for authenticating those users and transactions. Sesh Venkataraman of CA Technologies explains the business value of omnichannel authentication solutions.

Identity & Access Management

How does API Management Complement IAM?

Information Security Media Group • July 21, 2019

Flat-out, traditional IAM practices are insufficient to secure a modern enterprise that relies on such diverse endpoints and connected devices. But API management can play a strong complementary role, says Jay Thorne of CA Technologies, a Broadcom company.

Endpoint Security

Proactive Mobile Threat Defense

Information Security Media Group • July 17, 2019

From malware and phishing to cryptojacking and man-in-the-middle attacks, mobile threats are rampant, and organizations need to stay a step ahead. Traditional threat management has been reactive. But IBM and Wandera have joined forces to stop threats dead in their tracks before they get close to your environment.

Security Operations

OnDemand Webinar | The Power of AI to Disrupt Security Ops

Information Security Media Group • July 16, 2019

Learn about the concept of autonomous security driven by AI, probability theory and advanced algorithms in this exclusive webinar.

NIST Standards

Surprising Password Guidelines from NIST

Mike Wilson • July 15, 2019

NIST guidelines often become the foundation for best practice recommendations across the security industry and are incorporated into other standards.

Application Security

Defending Against Application Breaches

Information Security Media Group • July 11, 2019

Applications have become primary targets for two vastly different, but equally dangerous, types of cyberattacks. Successful application breaches can lead to financial fraud, stolen IP, and business disruption.