Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

Source: FireEye Mandiant

Attackers' Dwell Time Plummets as Ransomware Hits Continue

Mathew J. Schwartz • May 3, 2021

The average amount of time that online attackers camp out in a victim's network - or "dwell time" - has been declining, FireEye's Mandiant incident response group reports. But the surge in ransomware accounts for some attacks coming to light more quickly because those attackers announce their presence.

Next-Generation Technologies & Secure Development

OnDemand Webinar | Measuring Risk in Self-Service: Data Analysis on Real IVR Traffic

Application Security

Adopting a 'Shift Left' Strategy

Next-Generation Technologies & Secure Development

The Power of Actionable Threat Intel

Governance & Risk Management

Switching Away from Paper Documents for Good

Latest

Encryption & Key Management

How Unprotected Encryption Keys Enabled the SolarWinds Attack

Doug Olenick • March 5, 2021

The Senate Intelligence Committee hearing on the SolarWinds supply chain attack exposed the crucial flaw that allowed attackers, likely Russian, to gain entry into the company's system. Brad Beutlich of Entrust discusses how SolarWinds did not protect its encryption keys, which allowed them to be stolen and used by...

Cloud Security

Is Your Security Stack Ready for the Modern Cloud?

Information Security Media Group • March 26, 2021

Digital transformation makes the headlines. But behind the scenes, many enterprises are struggling with the effects of cloud migration and the “shift left” movement. Knox Anderson of Sysdig shares tips for approaching the modern cloud.

Endpoint Security

Purpose Built: Securing vSphere Workloads

Information Security Media Group • March 23, 2021

View this OnDemand webinar to learn how VMware Carbon Black is delivering unified workload protection that’s purpose-built for vSphere.

DevSecOps

OnDemand Webinar | Security Education for Developers

Information Security Media Group • March 12, 2021

Watch this episode of the "On The Road to DevSecOps" series to learn from a group of DevOps experts on why AppSec Awareness and Training matters and how to give your developers secure coding education that works.

DevSecOps

OnDemand Webinar | Public Sector Digital Transformation and Secure Software

Information Security Media Group • March 12, 2021

Software is at the center of it all, placing increased pressure on developers, security managers, and DevOps leaders to develop applications faster. However, this need for speed comes at a price, and security can be seen as a blocker and not an enabler. Watch this webinar to understand why it's time to prioritize your...

Next-Generation Technologies & Secure Development

On Demand Webinar | How to Effectively Manage the Modern Risks of Open-Source Code

Information Security Media Group • March 11, 2021

Watch this webinar to learn how to identify open source with confidence, minimize risk, prioritize remediation when issues arise & more.

Security Operations

ROI Case Study - Nucleus Research: European Financial Services Institution

Information Security Media Group • March 11, 2021

Next-Generation Technologies & Secure Development

What a Modern Threat Intelligence Program Should Be

Tom Field • March 2, 2021

Many enterprises have what they consider to be mature threat intelligence programs. Yet they continue to be breached. Where is the disconnect? Gene Yoo, CEO of Resecurity, describes what’s wrong with TI programs today, as well as the essential elements of a modern threat intelligence program.

Fraud Management & Cybercrime

Ransomware: How to Regain Lost Ground

Tom Field • February 25, 2021

Amid a surge in destructive ransomware attacks, Datto CISO Ryan Weeks says we “are losing ground” to the adversaries. He offers insight from a new Global Ransomware Report and the start of a multisector Ransomware Task Force.

Identity & Access Management

OnDemand Webinar: 2021 State of Physical Access Control

February 24, 2021

Watch this OnDemand webinar to learn more about the data uncovered during this unprecedented year and how organizations are seeking to implement and extend modern security capabilities.

Finance & Banking

Human Challenge: Hard For Humans, Easy For Bots

Information Security Media Group • February 18, 2021

Listen to this podcast to learn how a leading cybersecurity company is combating bad bots and making web apps’ user experience easier using Human Challenge.

COVID-19

Zero Trust: The New Reality

Tom Field • February 16, 2021

COVID-19 didn’t spark digital transformation – it accelerated it. And as a result, what used to be cybersecurity’s IAM exceptions are now the rule. It’s a new reality and a new opportunity for the zero trust model, says Dr. Amit Sinha of Zscaler.