Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

Profiles in Leadership: Rob Hornbuckle

Mathew J. Schwartz • June 30, 2022

Beyond advising the seniormost levels of the business in the strategic use of technology, the need to recruit new cybersecurity professionals often also tops the list of tasks facing today's security leaders, says Rob Hornbuckle, CISO of Allegiant Air.

General Data Protection Regulation (GDPR)

How to Identify Critical Access Points

Latest

Critical Infrastructure Security

Cybersecurity Mesh is the Next Big Trend In Cybersecurity

Isa Jones • April 11, 2022

Ditch the old “castle-and-moat” methods. Instead, focus on critical access points and assets, making sure each individual point is protected from a potential breach.

3rd Party Risk Management

How to Maximize Application Intelligence

Tom Field • April 8, 2022

At a time when applications are more business-critical than ever - and visibility is more challenging to achieve - we need to discuss new strategies and tools for maximizing application intelligence. Sujay Pathakji of Axiom Telecom and Srudi Dineshan of Gigamon share insights.

3rd Party Risk Management

Why Third Parties Are an Organization's Biggest Risk Point

Tori Taylor • April 8, 2022

Hackers are exploiting third-party remote access. If you’re not taking third-party risk seriously, it’s just a matter of time until your company is the next headline.

Finance & Banking

Survey: State of Security Automation in Financial Services

Tom Field • April 1, 2022

When it comes to advanced threat response, 42% of financial institutions say their current abilities are average. Only 35% say automation currently plays a strong role. Josh Zelonis of Palo Alto Networks and Sid Srivastava of Accenture analyze the State of Security Automation in Financial Services.

Access Management

Why Access Governance Is Crucial For Strong Cybersecurity

Isa Jones • April 1, 2022

If an organization doesn’t know who is accessing what, how can they be trusted to make sure a bad actor isn’t gaining access to data, assets, or systems they shouldn’t?

CISO Trainings

Securing Industry 4.0: Insights From New Research

Tom Field • March 29, 2022

Eighty percent of survey respondents say they either are well on the way or getting started toward becoming a "smart manufacturing company." Cloud migration, business resiliency and securing OT environments are among their priorities. Del Rodillas of Palo Alto Networks analyzes the survey results.

CISO Trainings

How Has COVID-19 Changed CISO Approach to Data Security?

Tom Field • March 29, 2022

Fifty-three percent of survey respondents say cyberthreats became fiercer during COVID-19, and 17% say the pandemic disrupted their data security initiatives. These are among findings of a new survey sponsored by HelpSystems. Cary Hudgins analyzes the results and discusses how to put them to work.

Application Security & Online Fraud

How a Global Pandemic Changed the Fraud Landscape

Tom Field • March 14, 2022

Pete Barker was a cybersecurity Digital Loss Prevention practitioner before joining SpyCloud as Director of Fraud & Identity. He saw first-hand the impact of COVID-19 on fraud incidents, which are more automated and broadly targeted. He explains how "COVID changed all the rules" and how defenders can raise their game.

Cloud Security

Extending Zero Trust to Your SaaS Applications

Glenn Chisholm • March 3, 2022

Digital Identity

Why You Need Digital Trust to Enable Zero Trust

Tom Field • February 24, 2022

Zero trust, identity-first and perimeter-less security - they all need digital identities to establish digital trust. Join Sectigo's CSO and former Gartner analyst David Mahdi to learn about the importance of identity-first security and establishing digital trust for human and machine identities.