Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

Jennifer Ayers, CrowdStrike

Why Managed Threat Hunting?

Information Security Media Group • September 7, 2018

Increasingly, threat hunting is a practice that enterprises want to understand and implement. But it is not always feasible to do so in-house, given the demand for resources and skills. That's where managed threat hunting enters, says CrowdStrike's Jennifer Ayers.

Anti-Fraud

Sophisticated Online Attacks: An In-Depth Analysis

Containerization & Sandboxing

CISO Panel Webinar: Reducing the Cyber Exposure Gap from Cloud to Containers

Cybersecurity

Modern Identity and Access Management: How to Build Trust without Sacrificing Security

Cybersecurity

Threat Hunting: How to Evolve Your Incident Response

Latest

Cybersecurity

Threat Hunting: How to Evolve Your Incident Response

Tom Field • June 25, 2018

Tom Field and Ben Smith of RSA Security reflect on key findings from their recent Executive Roundtable on threat hunting,

Cybersecurity

How to Use the NIST Cybersecurity Framework

Josh Mayfield • June 8, 2018

By focusing on the cybersecurity actions, NIST CSF can be flexibly deployed regardless of the setting or industry.

Compliance

Procrastinators' Guide to GDPR Compliance

Mark McGlenn • May 21, 2018

If you're paying attention, you've probably already seen a handful of GDPR-related headlines just today, let alone in the last week or month. But there are two good reasons for the deluge of GDPR discussion right now: It's incredibly important and the time to act is now.

Cybersecurity

A New Way to Handle Cyber Claims

Information Security Media Group • May 11, 2018

Eduard Goodman, global privacy officer of CyberScout, doesn't like the disorganized way most cyber incidents are handled now. Instead, he would like to see a more project management approach. Here are the benefits he foresees.

Anti-Malware

What GDPR Means for Cybersecurity

Information Security Media Group • May 4, 2018

We all know about May 25 and the enforcement deadline for Europe's General Data Protection Regulation. But what impact will GDPR have on cybersecurity programs? Danny Rogers of Terbium Labs weighs in on the topic.

Endpoint Security

Axonius: A New Approach to Device Management

Tom Field • May 2, 2018

At a time when so many new devices are connected to enterprise networks, security leaders struggle just to inventory the devices - never mind secure them. Nathan Burke, CMO of Axonius, a new device management vendor, discusses the niche Axonius fills.

Next-Generation Technologies & Secure Development

LogicHub: Automating SOC Intel

Tom Field • May 2, 2018

Monica Jain has a lot of experience in security operations centers, and she knows much of the tribal knowledge there is not automated or shared. That's why she co-founded LogicHub, a new intelligence automation platform.

Advanced SOC Operations / CSOC

What You Need to Know About GDPR Breach Disclosure, Response

Mark McGlenn • April 23, 2018

Incident response is a critical pillar of an effective endpoint security program, one that will gain importance as GDPR enforcement comes into play on May 25. Organizations must be ready to react if and when an incident occurs in order to meet the stringent requirements that apply during an incident.

Advanced SOC Operations / CSOC

Cybersecurity for the SMB

Information Security Media Group • April 6, 2018

The high-profile breaches of Fortune 100 companies are the ones that get the headlines, but small and midsized businesses should not breathe any sighs of relief. They are very much still targets, says Austin Murphy of CrowdStrike. He offers cybersecurity advice to SMBs.

Advanced SOC Operations / CSOC

Getting Ahead of The Adversary: Government Threat Hunting Tactics

April 5, 2018

Government cyber teams must adopt a modern and evolving security operations model and an analytics-driven approach to cybersecurity if they hope to keep pace with the evolving threat landscape.

Advanced SOC Operations / CSOC

3 Steps to Asset Management and Software Auditing

Richard Henderson • March 30, 2018

With the explosion of laptops, IoT, tablets, smartphones and other smart technologies, endpoints are the single largest group of devices inside your network today. Managing all of your assets and their software requires three foundational steps.

Advanced SOC Operations / CSOC

4 Tips for Implementing a Mature Endpoint Security Strategy

Richard Henderson • March 21, 2018

An effective endpoint security strategy can be as layered as you want it to be. But you'll have a strong foundation if you build off of these four key steps.