Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

David Vergara, OneSpan

Banking on Cloud Security

Information Security Media Group • November 13, 2020

"Better, cheaper, faster." These are the results that banking institutions can receive by shifting security to the cloud, says David Vergara of OneSpan. At a time when multi-channel fraud is surging and the customer experience is paramount, cloud needs serious consideration, he says.

Next-Generation Technologies & Secure Development

Securing Endpoints with LogMeIn Antivirus Powered by Bitdefender

Latest

Endpoint Detection & Response (EDR)

Case Study: Cushman & Wakefield

Information Security Media Group , • September 29, 2020

Endpoint Security

Ensuring Business Continuity by Securing Your Remote Workforce

Information Security Media Group , • September 29, 2020

Join CrowdStrike VP of Product Marketing Ian McShane and Zscaler Director of Transformation Strategy Nathan Howe as they offer insight into how cloud and endpoint security can join hands to strengthen security protection, detection and remediation.

Governance & Risk Management

Continuously Validate Security to Maximize the Value of Your Investments

Earl Matthews, VP of Strategy, Mandiant Security Validation • September 22, 2020

The 2020 Security Effectiveness Report shares our findings from an evaluation of 100+ enterprise production environments globally across every major vertical.

Artificial Intelligence & Machine Learning

Next Gen Cybersecurity: New Tools for New Threats

Tom Field • September 21, 2020

Cybercriminals have weaponized AI tools to easily bypass traditional security controls and create effective new attacks such as credential stuffing. That means it's time to shift to next gen cybersecurity, says Shuman Ghosemajumder of F5. And here are the technologies that will get you there.

Business Email Compromise (BEC)

The New Email Security Imperative

Tom Field • September 17, 2020

The 'work from anywhere' experience has fundamentally changed how we work - and how cyber adversaries leverage email as an attack vector. Daniel McDermott and Gar O'Hara of Mimecast outline a holistic approach that focuses on email defense, awareness and response.

Governance & Risk Management

Zero Standing Privilege: How to Achieve it

Tom Field • August 25, 2020

Increasingly, cyber attacks are taking advantage of privileged accounts, and traditional PAM controls are not enough to defend against them. Tim Keeler of Remediant discusses the role of Zero Standing Privilege and just-in-time privileged account defense.

Fraud Management & Cybercrime

Enhancing Approval Rates: Best Practices In An Accelerated eCommerce Environment

Information Security Media Group • July 28, 2020

View this OnDemand webinar on the role that merchants and issuers play in enhancing approval rates.

Endpoint Security

Several Prominent Twitter Accounts Hijacked in Cryptocurrency Scam

Scott Ferguson • July 15, 2020

Several prominent business executives and politicians, including Joe Biden, Elon Musk and Bill Gates, had their Twitter accounts hijacked in what appears to be a cryptocurrency scam, according to news reports. Some security experts believe that two-factor authentication protections failed.

Cybercrime

Yet Again, Vulnerabilities Found in a Router

Jeremy Kirk • July 14, 2020

It's common for security researchers to be ignored when reporting a software vulnerability. The latest example - vulnerabilities found by Independent Security Evaluators in a router made by China-based Tenda.

Governance & Risk Management

Remote Workforce Security - the Long Game

Information Security Media Group • May 21, 2020

"Risk acceptance" was the operative term as organizations quickly deployed remote workforces in response to the global crisis. But now, as this deployment becomes a long-term option, enterprises need to take a future-focused view toward identity, cloud, and the attack surface. Forcepoint's Homayun Yaqub offers tips.

Application Security

AST as the Key to DevSecOps Maturity

Information Security Media Group • May 15, 2020

DevSecOps is in its "awkward teenage years," says Matthew Rose of Checkmarx. But with new tooling and automation - particularly application security testing tools - he sees the practice maturing quickly and delivering improved outcomes.

Application Security

Zero Trust: 3 Critical Considerations

Tom Field • May 4, 2020

Done right, a zero trust architecture can reduce the complexity of one's environment while also improving cybersecurity protection and efficiency. Bob Reny of ForeScout focuses on three critical considerations: visibility, compliance and control.