Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

OnDemand Webinar | Asset Management: The Toyota Camry of Cyber Security

Information Security Media Group • June 19, 2019

Security teams' jobs continue to get exceedingly difficult, but they're still spending time trying to figure out where things are and what they are.

Business Continuity Management / Disaster Recovery

The Ride-Along: Intelligence Analysis for Real Time Crime Centers

Latest

Next-Generation Technologies & Secure Development

Inside Netscout's Threat Report

Tom Field • March 25, 2019

Netscout is out with its latest threat report, and the research offers some startling new insights into DDoS, advanced threats and the commercialization of cybercrime. Hardik Modi offers analysis.

Application Security

API-Centric Automated Attacks on the Rise

Varun Haran • March 25, 2019

CloudEntity CEO Nathaniel Coffing shares insight on building foundational API security in a zero-trust world.

Fraud Management & Cybercrime

CrowdStrike's 2019 Global Threat Report

Tom Field • March 25, 2019

CrowdStrike is out with its 2019 Global Threat Report, which includes a ranking of the most dangerous nation-state adversaries. The company's CTO, Dmitri Alperovitch, discusses the report's key findings about threats and threat actors.

Identity & Access Management

Gaining Visibility and Control Over Passwords

Nick Holland • March 25, 2019

Passwords are still a persistent security threat, given their ubiquity as a form of authentication and the inability of users to create strong, unique passwords. John Bennet of LogMeIn discusses the issue and solutions.

Fraud Management & Cybercrime

Threat Watch: Phishing, Social Engineering Continue

Mathew J. Schwartz • March 25, 2019

Reviewing 2018 attacks, Jon Clay of Trend Micro, says social engineering persists, including phishing attacks, while criminals also continue to steal credentials, lob ransomware at targets and push cryptomining malware.

Application Security

Application Security and the Focus on Software Integrity

Tom Field • March 25, 2019

As trends such as DevSecOps and agile application development spread, enterprises increasingly are focused on software integrity. Andreas Kuehlmann of Synopsys discusses how to address this shift.

Governance

3 Hot Legal Topics at RSA Conference 2019

Mathew J. Schwartz • March 25, 2019

What's hot on the cybersecurity legal front? For starters, in 2018, the U.S. Department of Justice indicted twice as many alleged state-sponsored attackers than it had ever indicted, says Kimberly Peretti of Alston & Bird.

Endpoint Detection & Response (EDR)

Capturing ROI on Your Unified Endpoint Management Investment

Information Security Media Group • May 14, 2019

Unified endpoint management exists because devices have grown in number, variety and complexity of how they're being used in the workplace. So how should IT and security leaders approach UEM? John Harrington Jr. and Ryan Schwartz of IBM MaaS360 with Watson share insight.

Application Security

How does API Management Complement IAM?

Information Security Media Group • May 13, 2019

Flat-out, traditional IAM practices are insufficient to secure a modern enterprise that relies on such diverse endpoints and connected devices. But API management can play a strong complementary role, says Jay Thorne of CA Technologies, a Broadcom company.

Governance

Executive Roundtable Recap: "Confessions of a Healthcare CISO"

Nick Holland • May 8, 2019

ISMG and NTT hosted a roundtable dinner in Chicago on May 8 focused on "Confessions of a Healthcare CISO".

Governance

Cultural Challenges and Digital Transformation

Nick Holland • May 6, 2019

ISMG and Zscaler hosted a roundtable dinner in Morristown, New Jersey on April 11 focused on security's role in digital transformation.

Multi-factor & Risk-based Authentication

The Vision for Omnichannel Authentication

Information Security Media Group • May 3, 2019

Enterprises today have many digital ways of interacting with their customers - and therefore just as many ways for authenticating those users and transactions. Sesh Venkataraman of CA Technologies explains the business value of omnichannel authentication solutions.