Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

Exposing Software Supply Chain Risks

Tom Field • August 24, 2021

Tomislav Pericin, Co-founder and Chief Software Architect for ReversingLabs, discusses the evolution of supply chain attack sophistication, and why both software builders and buyers need to change how they defend against attack surface area risks.

Finance & Banking

A Unified Look at FinCrime

Finance & Banking

Financial Service versus Fraud – the Battle Continues

Fraud Management & Cybercrime

Utilizing Data Opportunities and Risks in Insurance to Protect Customers and Drive Greater Differentiation

Governance & Risk Management

The Executive Perspective Series featuring the White House Executive Order and More

Next-Generation Technologies & Secure Development

Security Meets 'Work from Anywhere'

Governance & Risk Management

'Zero Trust': Beyond Transformation

Events

Fraud 2021: Mules, Synthetic IDs, Deep Social Engineering

Latest

Fraud Management & Cybercrime

Sophos on 2021 State of Ransomware

Tom Field • May 16, 2021

Sophos recently released its 2021 State of Ransomware report, and it includes surprising findings on remediation costs, which have more than doubled over the past year. Dan Schiappa tackles the question: Does it pay to pay ransoms?

Events

Debunking Myths About MSPs

Anna Delaney • May 14, 2021

Increased reliance on the agile and remote work model has created more opportunities for MSPs. WatchGuard CEO Prakash Panjwani shares advice on how to engage an MSP that fits into the organization’s business model and establish a good partnership.

Fraud Management & Cybercrime

Attackers' Dwell Time Plummets as Ransomware Hits Continue

Mathew J. Schwartz • May 3, 2021

The average amount of time that online attackers camp out in a victim's network - or "dwell time" - has been declining, FireEye's Mandiant incident response group reports. But the surge in ransomware accounts for some attacks coming to light more quickly because those attackers announce their presence.

Governance & Risk Management

Now Is the Time for Radically Simple Security

Gee Rittenhouse • April 28, 2021

Next-Generation Technologies & Secure Development

Certificate Lifecycle Management Just Got More Strategic

Information Security Media Group • April 20, 2021

“Work from anywhere” is a game changer, and it has significant impacts on certificate lifecycle management. Patrick Nohe of GlobalSign discusses the new, strategic approach security leaders need to take for CLM.

Next-Generation Technologies & Secure Development

DTEX Case Study: Williams Racing

Information Security Media Group , • April 14, 2021

View this case study to learn how Williams Racing has applied Workforce Cyber Intelligence to keep its employees, equipment and IP safe as they work remotely and travel the globe.

Next-Generation Technologies & Secure Development

DTEX Case Study: VicTrack

Information Security Media Group , • April 14, 2021

View this casestudy to learn how Bruce Moore, CIO of VicTrack, uses DTEX InTERCEPT to improve the security of the organization.

Fraud Management & Cybercrime

OnDemand Webinar | Measuring Risk in Self-Service: Data Analysis on Real IVR Traffic

Information Security Media Group • April 6, 2021

Application Security

Adopting a 'Shift Left' Strategy

Geetha Nandikotkur • April 5, 2021

To deliver a secure infrastructure-as-code service, development teams must adopt a "shift left" strategy that brings all the applications and security under one umbrella to provide faster and continuous delivery of the fully automated code, according to Ori Bendet and Igor Markov of Checkmarx.

Next-Generation Technologies & Secure Development

The Power of Actionable Threat Intel

Tom Field • April 2, 2021

The lack of automation and actionable threat intelligence may be preventing enterprises from developing the fully functional Cyber Fusion Centers they envision. Anomali's Mark Alba shares ideas on how to change that.

Governance & Risk Management

Switching Away from Paper Documents for Good

Information Security Media Group • April 1, 2021

Replacing paper documents with an electronic version is one of the many tasks you may be facing as part of the remote work transformation.

Cloud Security

Is Your Security Stack Ready for the Modern Cloud?

Information Security Media Group • March 26, 2021

Digital transformation makes the headlines. But behind the scenes, many enterprises are struggling with the effects of cloud migration and the “shift left” movement. Knox Anderson of Sysdig shares tips for approaching the modern cloud.