Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

How a Layered Security Approach Can Minimize Email Threats

Sam Kumarsamy • May 31, 2023

Attackers adapted their email-based techniques throughout 2022, cycling through tactics in the hopes of evading human and cybersecurity measures. The 2023 OpenText Cybersecurity Threat Report confirms that building a multilayered approach to defense is core to cybersecurity and cyber resilience.

Active Defense & Deception

Why Security Posture Management is Crucial for Cloud Email

Latest

Business Email Compromise (BEC)

Key Findings of Proofpoint's 2023 State of the Phish Report

May 2, 2023

Events

Enterprise Browser Is More Than Just Security

Michael Novinson • April 28, 2023

Virtual desktop infrastructure has been around for years as an option to secure hardware and systems, but VDI often causes friction for the business and can be unpopular with users. Island Security is taking on those challenges with its Enterprise Browser by managing everything in the browser.

Inside the Secret World of Humint: The Art of Human Intelligence Gathering

April 27, 2023

Everyone has their favorite threat intelligence feeds, and information sharing is a must between public and private sectors. But don't overlook the power of cyber human intelligence, says Michael DeBolt of Intel 471. In fact, HUMINT is an imperative, not an option, he says.

Governance & Risk Management

Handling Open-Source Content Licensing: Wrong Answers Only

Tony Morbin • April 26, 2023

When you create proprietary code, even using a component of open-source code within a subcomponent could cause your project to become open-source code.Jeanette Sherman of Mend Security discusses the need to identify open-source code and the license types being used.

Enhanced Security Resilience for Government

Tom Field • April 20, 2023

Post-digital transformation, in a world of hybrid work and multi-cloud environments, government agencies in particular sometimes struggle to detect and respond to threats across the expanded attack surface. Peter Romness of Cisco talks about new strategies to defend these broad environments.

5 Cybersecurity Pillars Where 85% of Companies Are Lagging

Tom Gillis • April 12, 2023

Cisco's Cybersecurity Readiness Index shows a mere 15% of global organizations rank as mature across five security pillars.

Threat Report Reveals Hope Despite Active Threat Landscape

Grayson Milbourne • April 12, 2023

Companies have rapidly adopted digital strategies to fuel growth and profitability, yet many of these changes have inadvertently accelerated the risk of cyberattacks. As evidenced by the recently released 2023 OpenText Cybersecurity Threat Report, cybercriminals are taking advantage of these gaps.

Gaining the Intelligence Advantage with Cyber Human Intelligence Gathering

Tom Field • March 29, 2023

Active Defense & Deception

Deception: The Secret Weapon Against Identity-Based Attacks

Michael Leland , Joseph Salazar • March 29, 2023

Join this virtual discussion to discover the power of deception in defending against the most sophisticated identity-based atta

Advanced Authentication: Trust Your Digital ID in Mainframe

Tony Morbin • March 24, 2023

Network boundaries have dissipated while changes in regulation and customer approaches to trust now require more advanced authentication and the ability to treat each authentication in relation to its specific risk level. Broadcom's Mary Ann Furno discusses these issues.