Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

DTEX Case Study: Williams Racing

Information Security Media Group • April 14, 2021

View this case study to learn how Williams Racing has applied Workforce Cyber Intelligence to keep its employees, equipment and IP safe as they work remotely and travel the globe.

Next-Generation Technologies & Secure Development

DTEX Case Study: VicTrack

Fraud Management & Cybercrime

OnDemand Webinar | Measuring Risk in Self-Service: Data Analysis on Real IVR Traffic

Application Security

Purpose Built: Securing vSphere Workloads

Latest

Encryption & Key Management

How Unprotected Encryption Keys Enabled the SolarWinds Attack

Doug Olenick • March 5, 2021

The Senate Intelligence Committee hearing on the SolarWinds supply chain attack exposed the crucial flaw that allowed attackers, likely Russian, to gain entry into the company's system. Brad Beutlich of Entrust discusses how SolarWinds did not protect its encryption keys, which allowed them to be stolen and used by...

DevSecOps

OnDemand Webinar | Security Education for Developers

Information Security Media Group • March 12, 2021

Watch this episode of the "On The Road to DevSecOps" series to learn from a group of DevOps experts on why AppSec Awareness and Training matters and how to give your developers secure coding education that works.

DevSecOps

OnDemand Webinar | Public Sector Digital Transformation and Secure Software

Information Security Media Group • March 12, 2021

Software is at the center of it all, placing increased pressure on developers, security managers, and DevOps leaders to develop applications faster. However, this need for speed comes at a price, and security can be seen as a blocker and not an enabler. Watch this webinar to understand why it's time to prioritize your...

Next-Generation Technologies & Secure Development

On Demand Webinar | How to Effectively Manage the Modern Risks of Open-Source Code

Information Security Media Group • March 11, 2021

Watch this webinar to learn how to identify open source with confidence, minimize risk, prioritize remediation when issues arise & more.

Security Operations

ROI Case Study - Nucleus Research: European Financial Services Institution

Information Security Media Group • March 11, 2021

Next-Generation Technologies & Secure Development

What a Modern Threat Intelligence Program Should Be

Tom Field • March 2, 2021

Many enterprises have what they consider to be mature threat intelligence programs. Yet they continue to be breached. Where is the disconnect? Gene Yoo, CEO of Resecurity, describes what’s wrong with TI programs today, as well as the essential elements of a modern threat intelligence program.

Fraud Management & Cybercrime

Ransomware: How to Regain Lost Ground

Tom Field • February 25, 2021

Amid a surge in destructive ransomware attacks, Datto CISO Ryan Weeks says we “are losing ground” to the adversaries. He offers insight from a new Global Ransomware Report and the start of a multisector Ransomware Task Force.

Identity & Access Management

OnDemand Webinar: 2021 State of Physical Access Control

February 24, 2021

Watch this OnDemand webinar to learn more about the data uncovered during this unprecedented year and how organizations are seeking to implement and extend modern security capabilities.

Finance & Banking

Human Challenge: Hard For Humans, Easy For Bots

Information Security Media Group • February 18, 2021

Listen to this podcast to learn how a leading cybersecurity company is combating bad bots and making web apps’ user experience easier using Human Challenge.

COVID-19

Zero Trust: The New Reality

Tom Field • February 16, 2021

COVID-19 didn’t spark digital transformation – it accelerated it. And as a result, what used to be cybersecurity’s IAM exceptions are now the rule. It’s a new reality and a new opportunity for the zero trust model, says Dr. Amit Sinha of Zscaler.

Application Security

Fraud Prevention Without Friction

Tom Field • February 11, 2021

E-commerce and fraud - they evolved and grew together in 2020, and it's time for fraud defenses to do the same. Smriti Jaggi of F5 details how to deploy a multi-layered fraud defense without adding extra friction to the process.

Cloud Security

Your Microsoft 365 productivity cloud and the backup it deserves

Barracuda Networks • February 8, 2021

Get answers to all your questions about how to seize cloud opportunities and realize your business’ potential—while also protecting all your data beyond what’s possible on-premises—in this wide-ranging conversation among experts and thought leaders from Microsoft and Barracuda. And a sneak peek of the Cloud to...