Wave Systems Corp. (fka WAVXQ)

[dude_danny]

Decoding the FAQ’s on the FFIEC Guidance on Authentication in an Internet Banking Environment - November 21, 2006
http://www.bankinfosecurity.com/webinars_details.php?webinar_id=71&PHPSESSID=41ad74003977c535baf...

Author: Susan Orr, CISA, CISM, CRP
Date: 2006-11-21
Source: BankInfoSecurity.com

*** Please log in, or register for a new account
to sign up for this webinar. ***



Time 1: Time 2: Time 3:
1:00PM Eastern Standard Time

Description: Since its release on October 12, 2005, the FFEIC Guidance on Authentication in an Internet Banking Environment, has created a great deal of confusion, uncertainty, and speculation and raised many questions as to what is actually required to comply with the guidance. Many have interpreted the Guidance deadline of December 31, 2006 to only apply to the completion of a risk assessment, others understood the Guidance to require the implementation of multifactor authentication, and some are confused as to who and even what the Guidance applies to.
In an effort to clarify the myriad of questions the Guidance evoked, the Agencies recently jointly developed and released a compilation of the most frequently asked questions received from financial institutions, examiners, and technology service providers concerning the October 12, 2005 Guidance. The Agencies provide direct answers to specific questions such as:

• Does the Guidance require the use of multifactor authentication?
• Are there banking applications where single factor authentication as the only control mechanism would be adequate?
• Are the Agencies recommending multifactor authentication over layered security or other compensating controls?
• What do the Agencies expect institutions to have accomplished by year-end 2006
• What if a solution can’t be implemented by year-end

dude_danny