Last month, the FFIEC issued an FAQ about its Cybersecurity Assessment Tool, reiterating that use of the tool is voluntary. But some critics say regulators are still questioning institutions about their use of the tool during IT examinations, meaning its use is not truly voluntary.
The FFIEC's Cybersecurity Assessment Tool needs to be redesigned, as the tool's current design sets institutions up for cyber-risk assessment failure. Industry leaders say they're hopeful that change is on the way because the FFIEC is reviewing a second wave of comments about the tool's efficacy.
Soon, ongoing and persistent attacks waged for cyber-espionage and the compromise of personal and corporate information will be primary concerns for the financial services industry.
In the wake of the breaches suffered by JPMorgan Chase, Sony and Anthem, attack attribution and information sharing are playing more prominent roles for banking leaders, and they will be key discussion points at the upcoming RSA Conference 2015 in San Francisco.
Could too much regulatory oversight hinder cyberthreat information sharing, rather than encourage it? That's an increasing concern for bankers, who argue regulators could bog down progress in cybersecurity.
RSA 2014 will offer many insights on how banking institutions can address a wide variety of security threats. Here's a guide to educational opportunities.
Our inaugural Fraud Summit on Oct. 22 at the Meadowlands in New Jersey will feature an impressive lineup of information security leaders offering timely insights about practical risk mitigation strategies.
Preliminary results of the 2013 Faces of Fraud Survey show institutions are still suffering big financial losses linked to ACH and wire fraud. Why are they still getting hit, in spite of investments to detect and prevent account takeover?
Distributed-denial-of-service attacks pose a persistent, genuine threat to all sectors. That's why we've created the DDoS Resource Center to fill the information gaps.
Despite what's now been a two-month break from hacktivists' DDoS attacks on banks, we can expect more assaults from Izz ad-Din al-Qassam Cyber Fighters. And this next wave should concern us all. Here's why.
Hacktivists may have halted their attacks, but DDoS strikes against U.S. banks continue. Download-flooding attacks that took aim at two banks last week demonstrate the need for continued vigilance.
How are banking institutions responding to today's fraud threats, and what strides have they made to mitigate their risks? The 2013 Faces of Fraud Survey aims to answer those questions and more.
What can U.S. and European organizations learn from Asia-Pac about advanced mobile tech and increasing cyberthreats? That's a question I hope to answer while in Singapore for RSA Conference Asia Pacific 2013.
The FDIC, in a notice to consumers, highlights questions that customers should be asking banks about DDoS attacks. But is the notice an indicator that more regulatory oversight is ahead?
Community banks must address DDoS risks. But they need more support and direction from vendors and core processors to know which mitigation strategies to pursue.