Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

Continuously Validate Security to Maximize the Value of Your Investments

Earl Matthews, VP of Strategy, Mandiant Security Validation • September 22, 2020

The 2020 Security Effectiveness Report shares our findings from an evaluation of 100+ enterprise production environments globally across every major vertical.

Artificial Intelligence & Machine Learning

Enhancing Approval Rates: Best Practices In An Accelerated eCommerce Environment

Endpoint Security

Several Prominent Twitter Accounts Hijacked in Cryptocurrency Scam

Cybercrime

Yet Again, Vulnerabilities Found in a Router

CISO Trainings

A Fresh Look at API Security

Latest

Governance & Risk Management

Remote Workforce Security - the Long Game

Information Security Media Group • May 21, 2020

"Risk acceptance" was the operative term as organizations quickly deployed remote workforces in response to the global crisis. But now, as this deployment becomes a long-term option, enterprises need to take a future-focused view toward identity, cloud, and the attack surface. Forcepoint's Homayun Yaqub offers tips.

Application Security

AST as the Key to DevSecOps Maturity

Information Security Media Group • May 15, 2020

DevSecOps is in its "awkward teenage years," says Matthew Rose of Checkmarx. But with new tooling and automation - particularly application security testing tools - he sees the practice maturing quickly and delivering improved outcomes.

Application Security

Zero Trust: 3 Critical Considerations

Tom Field • May 4, 2020

Done right, a zero trust architecture can reduce the complexity of one's environment while also improving cybersecurity protection and efficiency. Bob Reny of ForeScout focuses on three critical considerations: visibility, compliance and control.

COVID-19

Webcast: Keeping Remote Workers Safe and Your Work Secure

Information Security Media Group • May 4, 2020

Learn how to protect employees from malicious web content.

Business Continuity Management / Disaster Recovery

Webinar | 4 Actions to Secure Work from Home Employees

Information Security Media Group • April 27, 2020

This informational webinar will outline 4 actions you can take today to keep employees secure and productive during these challenging times, with tips straight from your identity and access management peers.

3rd Party Risk Management

Fraud Thrives in a Crisis - Why The Insurance Community Needs to Stay Vigilant

Dennis Toomey, Global Director, Counter Fraud Analytics and Insurance Solutions, BAE Systems Applied Intelligence • April 21, 2020

Alongside the sad and vast expense of legitimate claims, it is an unfortunate fact that in times of economic hardship, people have a history of taking any opportunity to exploit financial institutions for ill-gotten gain.

Fraud Management & Cybercrime

Social Engineering's Role in Cyber Fraud - And What We Are Doing About It

James Hatch, BAE Systems Applied Intelligence • March 26, 2020

As outlined in our Vision for Tackling Cyber Fraud last year, social engineering - a prime example of industrialized criminal deception - is leaving modern society vulnerable in two separate ways.

COVID-19

Mobility and the Government Challenge

Information Security Media Group • March 10, 2020

Federal government agencies face unique cybersecurity risks, and as a result they often place tight restrictions on mobile devices in the workplace. Michael Campbell of Privoro says it's time to loosen these restrictions because they are negatively impacting missions, recruitment and retention.

Account Takeover Fraud

The Financial Services Security Disconnect

Nick Holland • March 5, 2020

A key disconnect exists between awareness of financial services fraud schemes and mitigation, according to the latest "Faces of Fraud" survey sponsored by Appgate. Mike Lopez, vice president at the firm, describes some key findings.

Anti-Money Laundering (AML)