Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

The State of Enterprise Mobile App Security 2023: Results Analysis

Tony Morbin • November 17, 2023

Compromised mobile apps can be an open door to critical enterprise app servers and other back-end systems, and this survey aims to shine a light on a potential hole in most enterprise security walls – exposing potential gaps in CISO awareness.

Cloud Security

Panel Discussion: Cloud Security in Financial Services

Artificial Intelligence & Machine Learning

Securing Data in a SaaS World

On Demand | Health Sector and Evolution of Complex Threats & What That Means for your SOC

3rd Party Risk Management

Unintended Risks Downloaded into Development

Application Security & Online Fraud

The Evolution of Online Fraud in 2023 and Best Practices to Plug the Gaps

Advanced SOC Operations / CSOC

On Demand | The time for automation is now: How your attackers are using automation and why you need to get on board

Black Hat

CNAPPs Emerge as a Game Changer in Cloud Security

Latest

Governance & Risk Management

Evolving Cybersecurity: Embrace an Infinite Defense Strategy

Tom Field • August 25, 2023

As the threat landscape continues to evolve, defenders need to shift their focus from individual wins to sustained proactive defenses. Resecurity COO Shawn Loveland proposes embracing a strategy of understanding and fighting adversaries in a constantly changing space - with no beginning and no end.

Security Operations

On Demand | The evolution of complex threats: Defining a modern and sophisticated threat and what that means for your SOC

Information Security Media Group • August 23, 2023

Join us to learn from Cisco about what new, modern and sophisticated threats look like today, and how these complex threats make it harder to succeed at effective threat detection and response

Security Operations

On Demand | With more data, comes more responsibility: The open nature of XDR and cross-domain telemetry

Information Security Media Group • August 23, 2023

Join us to learn how taking an open approach to XDR and leveraging native but also third-party tools can result in better detections of threats, and a more coordinated response strategy!

Black Hat

Securing Applications, Accelerating DevOps With Clean Code

Tom Field • August 22, 2023

Applications rely on lines of code to provide business value, but too much of that code is inherently dirty, full of inconsistencies and vulnerabilities. Olivier Gaudin, co-founder and CEO of Sonar, said organizations need clean code that is consistent, intentional, adaptable and responsible.

Artificial Intelligence & Machine Learning

Gen AI: Why Organizations Need to Weaponize the Weapon

Michael Novinson • August 18, 2023

The democratization of AI has proved to be a double-edged sword - both enabling cyberattacks and defending against them. Generative AI can help organizations effectively correlate signals, identify threats and deploy countermeasures before attacks escalate, said Fleming Shi, CTO at Barracuda.

Threat Activity Clusters: Defenders' Way to Fight Ransomware

Michael Novinson • August 18, 2023

Threat clusters can be used to identify patterns of malicious behavior that traditional attribution in cybersecurity strategies could miss. These patterns can be used to develop early warning systems and prioritize resources for investigation and response, said John Shier, field CTO at Sophos.

Black Hat

KillNet: The Next-Generation DDoS Group?

Tom Field • August 18, 2023

DDoS attacks often disrupt the normal functioning of a targeted server, service or network by overwhelming it with a flood of traffic. KillNet, a collective of Russian-aligned hacktivists known for its DDoS attacks, gained attention by successfully taking down several U.S. government websites.

Artificial Intelligence & Machine Learning

Navigating the Security Landscape of Generative AI

Tom Field • August 18, 2023

The advent of generative AI has increased the importance of enterprise browsers as the interface through which users interact with this technology. Enterprise browsers have gained prominence with their role in organizational workflows, which had been somewhat overlooked in the past.

Artificial Intelligence & Machine Learning

Seamlessly Curate Software Packages Entering Your Organization

August 17, 2023

Artificial Intelligence & Machine Learning

Convergence of Cyber and Physical Security for a Safer World

Tom Field • August 17, 2023

Historically, IT and physical security teams have served in separate areas, but that is changing due to emerging threats such as a drone that landed on a firm's roof to steal data. Both teams need to be alerted to threats, said Kelly Rein, senior director of product at Claro Enterprise Solutions.

AI in XDR: When Does It Make Sense?

AJ Shipley, Vice President, Product - Threat Detection & Response • August 8, 2023

ChatGPT set the world on fire six months ago, and since then a slew of companies have released features or products built on or around generative AI - some of them completely legitimate and some of them little more than snake oil. Does AI makes sense everywhere for everything? Absolutely not.

Cisco Secure Access: SSE That Enables the Business

Jeff Scheaffer, Vice President of Product Management (SSE, SASE and Security Cloud) • August 8, 2023

Cisco Secure Access is a security service edge solution that delivers zero trust access to efficiently solve today's challenge of safely connecting anything to anywhere and reimagines the experience to make it better for users, easier for IT and safer for everyone.