Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

Advance Your Security Awareness Training Program: Research Results Analysis

Anna Delaney • January 27, 2023

Sara Pan, senior product marketing manager at Proofpoint shares insights from Proofpoint's 2022 Security Awareness Study on how to improve security awareness training programs.

Security Operations

How to Predict New Account Risk

Latest

Customer Identity & Access Management (CIAM)

Spotting and Stopping Synthetic ID Fraud

Tom Field • October 27, 2022

Synthetic identity fraud is the fastest-growing financial crime in the country. By combining real and fabricated personal information, a synthetic identity is specifically designed to look and act like a valid identity - until it doesn’t, leaving financial losses and criminal activity in its wake.

Email Threat Protection

Enterprise Fraud and Financial Crimes Compliance: How Banks Need to Adapt

Information Security Media Group • October 27, 2022

View this webinar to learn about five emerging trends for next-gen fraud and financial crime management.

Anti-Money Laundering (AML)

Journey to AML Modernization

Information Security Media Group • October 26, 2022

View this webinar to learn about the building blocks for beginning the journey to security modernization.

Cloud Security

How to Achieve Cloud Security and Visibility Through Threat Detection

Tom Field • October 21, 2022

Russell Shupert of Veeva Systems explains the challenges faced in securing a complex environment. He discusses how his team overcame these challenges, the benefits they achieved and how Threat Stack's Cloud Workload Protection and Application Infrastructure Protection tool helped along the way.

3rd Party Risk Management

What to Do Based on 2022: Expert Analysis of TPSRM Survey

Tony Morbin • September 21, 2022

From SolarWinds to Kaseya, Accellion, Log4j and Okta, third-party security breaches are among the most devastating for organizations affected. Tony Morbin of ISMG dives into the story behind the results of a global survey with Demi Ben-Ari, the co-founder, CTO and head of security at Panorays.

3rd Party Risk Management

What Industry Is Most Vulnerable to a Cyberattack?

Tori Taylor • September 13, 2022

The data shows that every industry contains vulnerabilities and strengths, but there are a few standout points to consider.

Next-Generation Technologies & Secure Development

Hybrid Cloud Changes the Game for Security

Andrew Stevens • September 12, 2022

Embracing new technologies to gain benefits such as increased agility and rapid application delivery makes good business sense, but existing architectures also need to be maintained and secured to protect the critically important data residing on server workloads across the hybrid cloud.

Governance & Risk Management

SMBs! Forget Retainer-based Security Assessments: Demand Funded POCs

Adam Mansour • September 8, 2022

A new delivery model is surfacing for various assessment services - one that is going to be bad for SMBs, whose options were already limited.

3rd Party Risk Management

The Key To Compliance? Third-Party Management

Tori Taylor • August 30, 2022

They’re necessary contributors to the business ecosystem, but there’s risk associated with third-party remote access, including bad actors lurking around every access point.

Next-Generation Technologies & Secure Development

The Value of Digital Transformation

Andrew Stevens • August 30, 2022

With the increase in remote workers and proliferation of uncontrolled devices, your IT team has been migrating applications to the cloud along with building cloud-native applications to support the speed needed by the business.

Electronic Healthcare Records

Evolving Ransomware Threats on Healthcare

Adam Mansour • August 22, 2022

While healthcare as an industry is being most targeted by ransomware, health or medical clinics are by far the hardest hit.

Breach Notification

Lack of Access Management Is Causing Data Breaches

Isa Jones • August 18, 2022

The costs of hacks are rising, the amount of ransomware is rising, and the number of organizations that have been breached will also rise unless organizations take action.