Welcome to BankInfoSecurity's FFIEC Guidance Resource Center!

The latest news, views and education on the Federal Financial Institutions Examination Council's latest guidance on the risks and risk management controls necessary to authenticate services in an Internet banking environment.

Full Text of Final Guidance

Cloud Security and the Evolving Role of the Firewall

Tom Field • May 8, 2025

As organizations and cybersecurity threats have both moved to cloud, what role will the traditional firewall continue to play? A significant and evolving one, says Rich Campagna of Palo Alto Networks. He talks about this role and how AI is being employed in new solutions.

►

Data Privacy

How Linking Identity, Data Security Can Help Cyber Response

►

Events

How Generative AI Enables Solo Cybercriminals

Events

Agentic AI Tackles Network Outage Prevention Challenges

AI vs. AI: The New Cybersecurity Battlefield

Latest

Events

The Importance of Quantifying Security Risk for the Board

Michael Novinson • April 29, 2025

Quantifying the potential cost impact of a cyberattack on a critical business operation and demonstrating how to reduce that risk to a more acceptable level is crucial for CISOs gaining cybersecurity budget buy-in from the CFO, board and others, said Sumedh Thakar, president and CEO of Qualys.

Cyberwarfare / Nation-State Attacks

Ukrainian Signal Users Fall to Russian Social Engineering

Akshaya Asokan • February 19, 2025

Russian nation-state hackers are using phishing attacks to target Ukrainian users of the chat app Signal, say security researchers. Rather than circumventing Signal's end-to-end encryption via a cryptographic attack, attackers use malicious prompting to prod victims into exposing messages.

Data Privacy

5 Successful Strategies to Overhaul Your Data Security

Druva • February 13, 2025

IT and security teams spend countless hours and dollars managing and maintaining infrastructure and storage to protect their data. So, what does it take to build stronger data security and resiliency? Watch this webinar to learn how 5 different organizations found a path to better security.

Cloud Security

From Data Security Blind Spots to Recovery: Close Your Cyber Resilience Gaps

Druva • February 13, 2025

Traditional cybersecurity defenses alone won’t cut it anymore. Organizations need a resilient, well-rounded strategy for fast, clean recovery and continuity. Watch now to learn how to enhance data immutability, security, and cyber remediation to reduce business impact.

Data Masking & Information Archiving

Top 10 Technical Predictions for 2025

Druva • February 13, 2025

Join data experts as they talk about their technical predictions for this year and look back on how well they did last year. The discussion will involve hot topics such as data security in the age of AI and AI-driven simplification of product usability

AI-Powered SASE

AI Access: Get Visibility Into What's Being Used and How

Tom Field • February 6, 2025

Visibility into access - it's been the bane of many organizations' efforts to understand where and how generative AI is being used throughout the extended enterprise. Jason Georgi of Palo Alto Networks, shared insights into new strategies and tools that overcome the risks of mismanaged access.

Events

Proactive Defense Dominates Discussions at ISMG Fraud Summit

Pooja Tikekar • May 27, 2024

Information Security Media Group's Fraud, Security and Risk Management Summit brought together a diverse group of cybersecurity leaders and experts in New York City for a comprehensive day of education and collaboration on payment fraud, identity theft and third-party risk management.

Cyber Insurance

Cyber Insurers Pledge to Help Reduce Ransom Payments

Mathew J. Schwartz • May 14, 2024

A coalition of cyber insurance associations has pledged to back fresh government cybersecurity guidance designed to help victims avoid ever paying a ransom as part of an ongoing push to reduce ransomware's profitability for criminals, in part by improving organizations' resilience and recovery.

Multi-factor & Risk-based Authentication

How to Prevent Attacks that Bypass MFA

CISCO • May 13, 2024

Join for an engaging discussion on how attackers are bypassing MFA and what you can do to prevent them.

CISO Trainings

New Regulations Pose Compliance Challenges

Information Security Media Group • April 2, 2024

The new SEC rules, which took effect in late 2023, introduce mandatory cyber-incident reporting requirements for all U.S.-listed companies.

Governance & Risk Management

Backdoor Found and Defused in Widely Used Linux Utility XZ

Mathew J. Schwartz • April 1, 2024

Nation-state attackers apparently backdoored widely used, open-source data compression software as part of a supply chain attack. Malicious code inserted into recent versions of XZ Utils was designed to facilitate full, remote access to an infected system.