Cyber Security Institute


Tuesday, February 21, 2006

Last October, a relatively obscure government body called the Federal Financial Institutions Examination Council, or FFIEC, issued what it called guidance but which looks much like a mandate.  Starting in January 2007, financial institutions must provide consumers of online financial services with the same security protection enjoyed by customers buying groceries or gas with a debit card: strong authentication.

And on the surface it appears that forcing banks to add a second factor of authentication could improve the well-documented, rapidly deteriorating state of online security.  It’s not clear, for example, that a second factor will significantly reduce “modern” risks; we could be preparing for the next war by planning for the last one.

It’s also unclear if financial companies can balance the cost of scaling two-factor authentication for the masses versus the benefit of whatever risk reduction it might provide.

The FFIEC guidance is the latest incarnation of a security truism: Threats don’t disappear, they migrate, or else over time they mutate to overcome the defenses deployed against them.

http://www.csoonline.com/read/020106/second_thoughts.html

Posted on 02/21
Financial