Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

How to Use the NIST Cybersecurity Framework

Josh Mayfield • June 8, 2018

By focusing on the cybersecurity actions, NIST CSF can be flexibly deployed regardless of the setting or industry.

Anti-Phishing, DMARC

What You Need to Know About GDPR Breach Disclosure, Response

Latest

Anti-Fraud

Getting Ahead of The Adversary: Government Threat Hunting Tactics

April 5, 2018

Government cyber teams must adopt a modern and evolving security operations model and an analytics-driven approach to cybersecurity if they hope to keep pace with the evolving threat landscape.

Anti-Malware

3 Steps to Asset Management and Software Auditing

Richard Henderson • March 30, 2018

With the explosion of laptops, IoT, tablets, smartphones and other smart technologies, endpoints are the single largest group of devices inside your network today. Managing all of your assets and their software requires three foundational steps.

Breach Preparedness

4 Tips for Implementing a Mature Endpoint Security Strategy

Richard Henderson • March 21, 2018

An effective endpoint security strategy can be as layered as you want it to be. But you'll have a strong foundation if you build off of these four key steps.

Cybersecurity

The Path to Modern IAM

Information Security Media Group • March 19, 2018

The technology and operating models for identity and access management have evolved with time, but the way many enterprises approach IAM has not. How can security leaders modernize their IAM strategy in this era of unprecedented complexity? Patrick Wardrop of IBM Security shares insights.

Anti-Fraud

5 Ways to Improve Insider Threat Prevention

Richard Henderson • March 15, 2018

If you browsed the latest security headlines, you'd probably think the majority of data breaches were related to hackers, political activists, malware or phishing. While the latter two hint at it, the truth is that nearly half of all data breaches can be traced back to insiders in some capacity.

Anti-Malware

Preparing an Omnichannel Anti-Fraud Strategy

Information Security Media Group • March 5, 2018

Many banking institutions boast of being "digital first" and enabling "omnichannel banking." But are they fully aware of the new fraud risks they also are inviting? Kimberly Sutherland and Kimberly White of LexisNexis Risk Solutions discuss how to mitigate omnichannel fraud.

Cybersecurity

Simplifying Advanced Attack Detection

Information Security Media Group • February 28, 2018

Despite the millions of dollars companies invest in cybersecurity programs, advanced persistent attackers constantly devise new means of breaking into corporate environments. How can deception technology offer a new alternative? Ofer Israeli of Illusive Networks explains.

Anti-Malware

Latest Ransomware Outbreak Spreading From Eastern Europe

Deepen Desai • February 27, 2018

A new strain of the Petya ransomware called "Bad Rabbit" is impacting business and sweeping across Russia and Ukraine, among other Eastern European countries. Like many of the other ransomware outbreaks, understanding fact from fiction is the first step in staying safe.

Anti-Malware

The Convergence of Healthcare Innovation and Compliance

Information Security Media Group • February 16, 2018

With advances in big data, artificial intelligence, machine learning and more, healthcare is primed to innovate. But do HIPAA, GDPR and other regulatory standards inhibit the ability to innovate? Scott Whyte of ClearDATA discusses healthcare's complex convergence of innovation and compliance.

Cybersecurity

Bridging the Password Gap

Information Security Media Group • February 8, 2018

Rachael Stockton of LastPass says that 81 percent of breaches are caused by weak or reused passwords. So, is it time to take a hard look at password management and consider adding some technology to the practice?

Anti-Malware

The Struggle is Real for DoD: More Dynamic Controls Required by RMF

Splunk • February 7, 2018

The struggle is real as DoD moves from DIACAP to RMF. System owners are challenged to adopt technology that can address the more dynamic controls required by RMF. Learn how to get help from defense agencies to monitor and assess their systems for RMF compliance by automating the gathering, analysis and reporting of...

Cybersecurity

The Sorry State of Endpoint Security

Information Security Media Group • February 6, 2018

More than half of surveyed organizations were struck by ransomware in 2017. And more than 75 percent of them were running up-to-date endpoint protection. What's the disconnect? Dan Schiappa of Sophos discusses the state of endpoint security.