Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

Coding the Future: A DevOps Odyssey – Pioneering Automation, Innovation, and Collaboration

• September 26, 2023

Application Security & Online Fraud

The Evolution of Online Fraud in 2023 and Best Practices to Plug the Gaps

Advanced SOC Operations / CSOC

On Demand | The time for automation is now: How your attackers are using automation and why you need to get on board

Black Hat

CNAPPs Emerge as a Game Changer in Cloud Security

Governance & Risk Management

Evolving Cybersecurity: Embrace an Infinite Defense Strategy

Endpoint Security

On Demand | The evolution of complex threats: Defining a modern and sophisticated threat and what that means for your SOC

Security Operations

On Demand | With more data, comes more responsibility: The open nature of XDR and cross-domain telemetry

Black Hat

Securing Applications, Accelerating DevOps With Clean Code

Latest

Artificial Intelligence & Machine Learning

Gen AI: Why Organizations Need to Weaponize the Weapon

Michael Novinson • August 18, 2023

The democratization of AI has proved to be a double-edged sword - both enabling cyberattacks and defending against them. Generative AI can help organizations effectively correlate signals, identify threats and deploy countermeasures before attacks escalate, said Fleming Shi, CTO at Barracuda.

Threat Activity Clusters: Defenders' Way to Fight Ransomware

Michael Novinson • August 18, 2023

Threat clusters can be used to identify patterns of malicious behavior that traditional attribution in cybersecurity strategies could miss. These patterns can be used to develop early warning systems and prioritize resources for investigation and response, said John Shier, field CTO at Sophos.

Black Hat

KillNet: The Next-Generation DDoS Group?

Tom Field • August 18, 2023

DDoS attacks often disrupt the normal functioning of a targeted server, service or network by overwhelming it with a flood of traffic. KillNet, a collective of Russian-aligned hacktivists known for its DDoS attacks, gained attention by successfully taking down several U.S. government websites.

Artificial Intelligence & Machine Learning

Navigating the Security Landscape of Generative AI

Tom Field • August 18, 2023

The advent of generative AI has increased the importance of enterprise browsers as the interface through which users interact with this technology. Enterprise browsers have gained prominence with their role in organizational workflows, which had been somewhat overlooked in the past.

Artificial Intelligence & Machine Learning

Seamlessly Curate Software Packages Entering Your Organization

August 17, 2023

Artificial Intelligence & Machine Learning

Convergence of Cyber and Physical Security for a Safer World

Tom Field • August 17, 2023

Historically, IT and physical security teams have served in separate areas, but that is changing due to emerging threats such as a drone that landed on a firm's roof to steal data. Both teams need to be alerted to threats, said Kelly Rein, senior director of product at Claro Enterprise Solutions.

Cisco Secure Access: SSE That Enables the Business

Jeff Scheaffer, Vice President of Product Management (SSE, SASE and Security Cloud) • August 8, 2023

Cisco Secure Access is a security service edge solution that delivers zero trust access to efficiently solve today's challenge of safely connecting anything to anywhere and reimagines the experience to make it better for users, easier for IT and safer for everyone.

AI in XDR: When Does It Make Sense?

AJ Shipley, Vice President, Product - Threat Detection & Response • August 8, 2023

ChatGPT set the world on fire six months ago, and since then a slew of companies have released features or products built on or around generative AI - some of them completely legitimate and some of them little more than snake oil. Does AI makes sense everywhere for everything? Absolutely not.

Application Security & Online Fraud

What You Should Know About Open Source License Compliance for M&A Activity

Sam Quakenbush • August 1, 2023

Companies are increasingly concerned about the security of applications built on open source components, especially when they’re involved in mergers and acquisitions. Just like copyright for works of art, each piece of open source software has a license that states legally binding conditions for its use. Licenses...

Application Security & Online Fraud

Why Open Source License Management Matters

Adam Murray • August 1, 2023

The ongoing rise in open source vulnerabilities and software supply chain attacks poses a growing threat to businesses, which heavily rely on applications for success. Between 70 and 90 percent of organizations’ code base is open source, while vulnerabilities such as Log4j have significantly exposed organizations...

Fraud Management & Cybercrime

Faster Payments, Faster Fraud - and Emerging Solutions

Tom Field • July 27, 2023

It has become a cliche in payments circles: Faster payments equals faster fraud. But John Filby and Yogesh Patel of Outseer say behavioral biometrics and generative AI are among the emerging technologies fueling new ways to empower layered defenses.

Endpoint Security

Security Alert: Exploit Chain Actively Hits ColdFusion

Mathew J. Schwartz • July 18, 2023

Warning: Hackers are actively exploiting a flaw in Adobe's ColdFusion rapid web application development platform to execute malicious code. While Adobe attempted to patch the flaw, researchers say attackers appear to have found a way to bypass it by chaining together multiple flaws.

Get Daily Email Updates

Covering topics in risk management, compliance, fraud, and information security.

By submitting this form you agree to our Privacy & GDPR Statement

Please fill out the following fields:

BankInfoSecurity

InfoRiskToday

DataBreachToday

CareersInfoSecurity

Featured Events

View All Events

Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Coding the Future: A DevOps Odyssey – Pioneering Automation, Innovation, and Collaboration

The Evolution of Online Fraud in 2023 and Best Practices to Plug the Gaps

On Demand | The time for automation is now: How your attackers are using automation and why you need to get on board

CNAPPs Emerge as a Game Changer in Cloud Security

Evolving Cybersecurity: Embrace an Infinite Defense Strategy

On Demand | The evolution of complex threats: Defining a modern and sophisticated threat and what that means for your SOC

On Demand | With more data, comes more responsibility: The open nature of XDR and cross-domain telemetry

Securing Applications, Accelerating DevOps With Clean Code

Latest

Gen AI: Why Organizations Need to Weaponize the Weapon

Threat Activity Clusters: Defenders' Way to Fight Ransomware

KillNet: The Next-Generation DDoS Group?

Navigating the Security Landscape of Generative AI

Seamlessly Curate Software Packages Entering Your Organization

Convergence of Cyber and Physical Security for a Safer World

Cisco Secure Access: SSE That Enables the Business

AI in XDR: When Does It Make Sense?

What You Should Know About Open Source License Compliance for M&A Activity

Why Open Source License Management Matters

Faster Payments, Faster Fraud - and Emerging Solutions

Security Alert: Exploit Chain Actively Hits ColdFusion

Resources

MITRE and XDR Integration | Enhancing Threat Detection and Prioritization of Advanced Threats

Threat Activity Clusters: Defenders' Way to Fight Ransomware

Coding the Future: A DevOps Odyssey – Pioneering Automation, Innovation, and Collaboration

Featured Events

Financial Services Cybersecurity Summit

Around the Network

Threat Modeling Essentials for Generative AI in Healthcare

Zero Trust, Auditability and Identity Governance

Critical Considerations for Generative AI Use in Healthcare

Inside Look: FDA's Cyber Review Process for Medical Devices

Addressing Security Gaps and Risks Post-M&A in Healthcare

Why Connected Devices Are Such a Risk to Outpatient Care

Why OT Security Keeps Some Healthcare Leaders Up at Night

Generative AI: Embrace It, But Put Up Guardrails

The State of Security Leadership

Why Entities Should Review Their Online Tracker Use ASAP

Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Latest

Get Daily Email Updates

Please fill out the following fields:

Subscription Preferences:

Resources

Featured Events

Around the Network

Threat Modeling Essentials for Generative AI in Healthcare

Zero Trust, Auditability and Identity Governance

Critical Considerations for Generative AI Use in Healthcare

Inside Look: FDA's Cyber Review Process for Medical Devices

Addressing Security Gaps and Risks Post-M&A in Healthcare

Why Connected Devices Are Such a Risk to Outpatient Care

Why OT Security Keeps Some Healthcare Leaders Up at Night

Generative AI: Embrace It, But Put Up Guardrails

The State of Security Leadership

Why Entities Should Review Their Online Tracker Use ASAP