On June 28, the FFIEC released its final, formal version of its Authentication Guidance. Not even one month later, we've created three new training programs to help banking institutions understand and conform with the guidance.
Dickie George of the National Security Agency has one word to describe the state of information security education today: "Spotty." And this state must improve if we hope to fill all the growing demand for security pros.
You know the tune: Cyber thieves pirated the town's banking credentials, arranged some bogus "payroll transactions" with the town's bank and then next thing you know ... money mules are transferring funds to the Ukraine.
It's not enough for banking institutions to conform to the FFIEC Authentication Guidance update. They also must ensure that their key vendors meet the same standards, says Philip Alexander of Wells Fargo Bank.
The U.S. government wants to move many services online, but the inability to authenticate customers and develop Trusted Identities has kept agencies from making the transition. This is a problem that could soon be resolved, says Mike Ozburn, principal of Booz Allen Hamilton.
"These are projects that were already...
Social media, mobility and cloud computing are new areas of risk for organizations, and risk managers need to go back to the fundamentals of understanding the information they are protecting, says Robert Stroud, ISACA's international vice president.
The FFIEC's updated online authentication guidance urges banks and credit unions to do better jobs of authenticating and identifying devices, areas that aren't bolstering the kind of security they could, says security expert Ori Eisen.
Now that the FFIEC Authentication Guidance update has been issued, there is no more important task for banking institutions than to conduct their risk assessments, says Matthew Speare of M&T Bank Corp.