Welcome to the SecAware blog

I spy with my beady eye ...

2 Aug 2006

FFIEC infosec manual

Although it is evidently intended to be an exam manual or study guide, the Federal Financial Institution Examination Council's IT Examination Handbook on Information Security could easily be mistaken as an information security manual. It bears more than a passing resemblance to ISO 17799, NIST, COBIT and SAS70 (amongst others) which are acknowledged as reference sources. There are "action summaries" containing key points from each section, such as this one for authentication: "Financial institutions should use effective authentication methods appropriate to the level of risk. Steps include: Selecting authentication mechanisms based on the risk associated with the particular application or services; Considering whether multi-factor authentication is appropriate for each application, taking into account that multifactor authentication is increasingly necessary for many forms of electronic banking and electronic payment activities; and Encrypting the transmission and storage of authenticators (e.g., passwords, personal identification numbers (PINs), digital certificates, and biometric templates)." A free 138 page infosec manual is not to be sneezed at.
More authentication and identity theft resources

No comments:

Post a Comment