funsec mailing list archives
New Internet Banking guidance issued (FFIEC)
From: Gary Warner <gar () askgar com>
Date: Mon, 24 Oct 2005 14:39:40 -0500
In the US, the FFIEC is a group that measures compliance with FDIC rules for banking. Its made up of the Board of Governors of the Federal Reserve, the FDIC, the National Credit union administration, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision.
(There are 8,874 FDIC-insured institutions with more than $10 Trillion in assets)
Anyway, the FFIEC has released a 14 page PDF that basically says "one factor authentication is not adequate to protect access to online banking systems".
http://www.ffiec.gov/pdf/authentication_guidance.pdf The accompanying press release, October 12th, http://www.ffiec.gov/press/pr101205.htmmakes it clear that banks who do not "tighten up" their Internet authentication, may have trouble passing their Information Technology review. Those doing the inspection use an FFIEC Information Technology Examination Handbook for "Just In Time" training, which is updated online to reflect current standards for examination.
===========Gar was curious, so he tried to find out how FFIEC trains their Examiners . . . check this out . . .
=========== The Training "InfoBase" is here: http://www.ffiec.gov/ffiecinfobase/index.html The "current" training presentations are indexed here:http://www.ffiec.gov/ffiecinfobase/html_pages/presentations_frameset.htm
and it contains many "presentations" about particular topics, such as the "E-Banking" presentation:
(flash version) http://www.ffiec.gov/ffiecinfobase/presentations/ebanking_pres_page.html (August 2003)
(script) http://www.ffiec.gov/ffiecinfobase/presentations/ebank_pres.pdf(You should also check out the "IT Security" training presentation -- the "current" version is December 2002).)
_-_ gar _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- New Internet Banking guidance issued (FFIEC) Gary Warner (Oct 24)