Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication.
|
|
- Douglas Chapman
- 8 years ago
- Views:
Transcription
1 Polling Question Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication. Please type in your response. This poll will close promptly at 1:00 pm CDT
2 Getting the Facts on Multi-Factor Webinar Donna Dodson National Institute of Standards and Technology (NIST) Kimberly Cahill, NBE, CISA Bank Information Technology Analyst Comptroller of the Currency Gary Greenwald Managing Director, Cash Management Capabilities and Information Products Citigroup Corporate and Investment Bank
3 Getting the Facts on Multi-Factor Webinar Donna Dodson National Institute of Standards and Technology (NIST)
4 E-Authentication Guidance OMB 04-04, E-Authentication Guidance for Federal Agencies Defines four levels of assurance in term of the consequences of authentication errors and misuse of credentials Risk assessment reviewing privacy, inconvenience, damage to reputation, harm to agencies and programs, financial liability, crime, safety NIST Special Publication , Electronic Authentication Guideline Establishes technical requirements to meet four levels of assurance Identity proofing, tokens, credentials, protocols, assertions
5 Authentication Model Local or Remote Players Claimants Subscribers Registration Authorities Credential Service Provider Verifiers Relying Parties
6 Authentication Elements Token something that the claimant possesses and controls (typically a key or password) used to authenticate the claimant s identity Credential An object that authoritatively binds an identity to a token possessed and controlled by a person Assertion - a statement from a verifier to a relying party that contains identity information about a subscriber
7 Authentication Factors Something you know Typically some kind of password Something you have For local authentication typically an ID card For remote authentication typically a cryptographic key hard & soft tokens Something you are A biometric Problematic without supervision Capture can deter fraud even if not checked in authentication process The more factors, the stronger the authentication
8 Tokens Single-factor token a token that utilizes one of the three factors to achieve authentication. For example, a password is something you know, and can be used to authenticate the holder to a remote system. Multi-factor token a token that utilizes two or more factors to achieve authentication. For example, a private key on a smart card that is activated via PIN is a multi-factor token. The PIN is something you know and the smart card is something you have.
9 Common Types of Tokens Memorized secret token Pre-registered knowledge token Look-Up secret token Out of band token One time password device Software cryptographic token Hardware cryptographic token
10 Token Selection Considerations Security considerations Single factor vs multifactor vs multitoken Hardware vs software Protocol Associations Costs Usability
11 Polling Question Have you fully implemented a Multi-Factor Authentication program per the FFIEC guideline? Yes No
12 Getting the Facts on Multi-Factor Webinar Kimberly Cahill, NBE, CISA Bank Information Technology Analyst Comptroller of the Currency
13 Disclaimer The views and opinions expressed are not official positions of the FFIEC or the Comptroller of the Currency.
14 Agenda What Prompted Guidance Guidance Other Considerations
15 What Prompted the Guidance? Cybercrime yielding more cash than drugs TJX data breach info used to make fraudulent purchases. In 2006, there were in excess of 315 publicized breaches affecting nearly 20 million individuals. Lost or stolen customer information cost surveyed companies as much as $22million
16 Common Threats Losing Data Hacking Phishing Pharming Spying Disgruntled Insiders Criminals Terrorists
17 Consumer Concern 67% are very concerned about identity theft. 73% worried about fraudulent use 25% say stopped buying online 57% say switch banks for better security
18 Authentication Guidance OCC Bulletin
19 Guidance The level of authentication used by the FI should be appropriate to the risks associated with those products and services. FIs should conduct a risk assessment to identify the types and levels of risk associated with their Internet banking applications. Where risk assessments indicate that the use of single-factor authentication is inadequate, FIs should implement multifactor authentication, layered security, or other controls reasonably calculated to mitigate those risks. The agencies consider single-factor authentication, as the only control mechanism, to be inadequate in case of high-risk transactions
20 Key Principals of the Guidance 4 Principles Risk Based Process Based Not prescriptive Technology neutral
21 Key Steps for Conformance Risk Assessment Implement Risk Mitigation Strategy Customer Awareness Adjust the program
22 Risk Assessment Identify and rank high risk Internet transactions Describe specific customer information viewable during Internet sessions Evaluate current authentication procedures Identify any gaps
23 Acceptable Risk Mitigation Techniques Where risk assessments indicate that the use of single-factor authentication is inadequate, financial institutions should implement: multifactor authentication, layered security, or other controls reasonably calculated to mitigate those risks.
24 Authentication Selection Multifactor Token Biometrics Smart cards One-time passwords Layered Security Transaction analysis (Unusual Behavior) IP Address Challenge/Response questions Out-of-band confirmations
25 Other Risk Controls Content Minimize (mask) confidential information Segregate access Separate basic info, bill payment, funds transfer Accessibility Encrypt confidential information
26 Monitoring and Reporting Audit Features - Behavior Patterns Service Provider s Reports Independent Audit Review Report to Board
27 Customer Awareness New FTC Education Website Key defense, but not a control Continue efforts Track your efforts (Call center, clicks on alert and disclosure links, type of marketing, trends in losses)
28 Acct Origination & Verification Reliable identity verification at origination is critical for: Compliance w/ USA Patriot Act Relevance of subsequent authentication practices Negative confirmation Positive confirmation Out-of-wallet questions
29 Bottom-Line An acceptable solution today might not be acceptable tomorrow.the bad guys are just as smart as the good guys developing the solution Banks need an on-going risk assessment process!
30 Bank Supervision Policy FFIEC Information Security Booklet 12 CFR 30, Appendix B OCC : Online Authentication OCC : Website Spoofing OCC : Customer Notification OCC : Disposal of Consumer Info FAQs on Guidance
31 Polling Question Implementing Multi-Factor Authentication has met my expectations. Strongly Agree Agree Agree Somewhat Disagree Strongly Disagree
32 Getting the Facts on Multi-Factor Webinar Gary Greenwald Managing Director, Cash Management Capabilities and Information Products Citigroup Corporate and Investment Bank
33 The Opportunity Look beyond website access control Paperless workflows Legally binding electronic signatures Document integrity and rights management
34 Case Study: Pharmaceutical Electronic submissions to the FDA Costs are rising Time to market is long Paper intensive What are we providing? Identity issuance Compliance with strict FDA regulations Operational infrastructure
35 Case Study: Managing Corporate Bank Accounts Need for better process Visibility Control Efficiency What are we providing? Standard for account opening and managing corporate bank accounts, working with industry groups A single digital identity across banks End-user interface
36 Case Study: Corporate Payment Files Improved process for straight through processing (STP) of payment files Driven by Industry move to STP and even corporate SWIFT connectivity Issue: What individual has released the payment file? Is he/she entitled? Use of digital signatures to confirm identity of the senders, provide audit trail, etc.
37 Role of Banks Sit above technology layer Focus on high assurance Using multi factor tools for strong authentication Positions banks as leaders Focus on what banks do well KYC Trusted parties Subject to regulatory oversight Know and understand the importance of strong policies and legal structures Integral part of the global payment and trade infrastructure Extensions into public sector, consumers and other verticals
38 Q&A Using the CHAT Window on the right side of your screen, send a text directly to ALL PANELISTS
Frequently Asked Questions on FFIEC Guidance on Authentication in an Internet Banking Environment. August 15, 2006
Board of Governors of the Federal Reserve System Federal Deposit Insurance Corporation National Credit Union Administration Office of the Comptroller of the Currency Office of Thrift Supervision Frequently
More informationOnline Cash Management Security: Beyond the User Login
Online Cash Management Security: Beyond the User Login Sonya Crites, CTP, SunTrust Anita Stevenson-Patterson, CTP, Manheim February 28, 2008 Agenda Industry Trends Government Regulations Payment Fraud
More informationE-Banking Regulatory Update
E-Banking Regulatory Update Hal R. Paretchan, CISA, CISSP, CFE Information Technology Specialist Federal Reserve Bank of Boston Supervision, Regulation & Credit (617) 973-5971 hal.paretchan@bos.frb.org
More informationPayments Fraud: It's Not Fun & Games
Payments Fraud: It's Not Fun & Games Claudia Swendseid Senior Vice President Payments Information & Outreach Office Federal Reserve Bank of Minneapolis NACHA Payments 2015 Claudia Swendseid Senior Vice
More informationTHE FFIEC CHALLENGE A Call for Reliable Authentication
THE FFIEC CHALLENGE A Call for Reliable Authentication March 14, 2006 ISACA LOS ANGELES RISK ADVISORY SERVICES INFORMATION RISK MANAGEMENT Agenda The FFIEC Challenge Current/Future Authentication Scenarios
More informationRich Furr Head, Global Regulatory Affairs and Chief Compliance Officer, SAFE-BioPharma Association. SAFE-BioPharma Association
Navigating the Identity Landscape Rich Furr Head, Global Regulatory Affairs and Chief Compliance Officer, SAFE-BioPharma Association SAFE-BioPharma Association Overview An overview of US and EU government
More informationAuthentication Tokens
State Capitol P.O. Box 2062 Albany, NY 12220-0062 www.its.ny.gov New York State Information Technology Standard IT Standard: Authentication Tokens No: NYS-S14-006 Updated: 05/15/2015 Issued By: NYS ITS
More informationESET Secure Authentication
ESET Secure Authentication Second factor authentication and compliance Document Version 1.2 6 November, 2013 www.eset.com ESET Secure Authentication - second factor authentication and compliance 2 2 Summary
More informationPursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES
Pursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES Contents PART I An Increasing Threat: Identity Theft The FFIEC Response Risk Assessment Fundamentals The FFIEC
More informationSound Business Practices for Businesses to Mitigate Corporate Account Takeover
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
More informationWhat s it all about? SAFE-BioPharma Association
What s it all about? SAFE-BioPharma Association Topics! ONC HIT Standards Committee! ASTM Standards 2 SAFE-BioPharma Association ONC HIT Standards Committee! Oct 21 st meeting Security & Privacy Consumer
More informationFFIEC Supplemental Guidance to Authentication in an Internet Banking Environment. Robert Farmer Senior Technology Compliance Manager
FFIEC Supplemental Guidance to Authentication in an Robert Farmer Senior Technology Compliance Manager 1 888 250 4400 Effective Date The FFIEC Supplement to Authentication in an was issued on June 28,
More information2014 Payments Fraud Survey
2014 Payments Fraud Survey Summary of Consolidated Results Payments Information & Outreach Office Federal Reserve Bank of Minneapolis December 2014 Topics Survey Methodology & Respondent Profile Fraud
More informationNIST E-Authentication Guidance SP 800-63 and Biometrics
NIST E-Authentication Guidance SP 800-63 and Biometrics September 21, 2004 Bill Burr william.burr@nist.gov OMB M-0404 Guidance on E-Auth Part of E-Government initiative put services online About identity
More informationA unique biometrics based identifier, such as a fingerprint, voice print, or a retinal scan; or
SBA Procedural Notice TO: All SBA Employees CONTROL NO.: 5000-1323 SUBJECT: Acceptance of Electronic Signatures in the 7(a) and 504 Loan Program EFFECTIVE: 10/21/14 The purpose of this Notice is to inform
More informationMulti-Factor Authentication of Online Transactions
Multi-Factor Authentication of Online Transactions Shelli Wobken-Plagge May 7, 2009 Agenda How are economic and fraud trends evolving? What tools are available to secure online transactions? What are best
More informationPresented by: Mike Morris and Jim Rumph
Presented by: Mike Morris and Jim Rumph Introduction MICHAEL MORRIS, CISA Systems Partner JIM RUMPH, CISA Systems Manager Objectives To understand how layered security assists in securing your network
More informationOut-Of-Band Authentication Using a Real-time, Multi-factor Service Model
Out-Of-Band Authentication Using a Real-time, Multi-factor Service Model Andrew Rolfe Authentify, Inc. Andy.Rolfe@Authentify.com Presentation Overview Authentication basics What is OOBA? Why is it important?
More informationACI Response to FFIEC Guidance
ACI Response to FFIEC Guidance Version 1 July 2011 Table of contents Introduction 3 FFIEC Supervisory Expectations 4 ACI Online Banking Fraud Management 8 Online Banking Fraud Detection and Prevention
More informationTop Authentication & Identification Methods to Protect Your Credit Union
Top Authentication & Identification Methods to Protect Your Credit Union Presented on: Thursday, May 7, 2 3 ET Co presented by: Ann Davidson VP of Risk Consulting at Allied Solutions Tammy Behnke Credit
More informationREGULATIONS FOR THE SECURITY OF INTERNET BANKING
REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY
More informationIntelligent Security Design, Development and Acquisition
PAGE 1 Intelligent Security Design, Development and Acquisition Presented by Kashif Dhatwani Security Practice Director BIAS Corporation Agenda PAGE 2 Introduction Security Challenges Securing the New
More informationMeeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)
Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4
More informationSupplement to Authentication in an Internet Banking Environment
Federal Financial Institutions Examination Council 3501 Fairfax Drive Room B7081a Arlington, VA 22226-3550 (703) 516-5588 FAX (703) 562-6446 http://www.ffiec.gov Purpose Supplement to Authentication in
More informationCybersecurity Issues for Community Banks
Eastern Massachusetts Compliance Network Cybersecurity Issues for Community Banks Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L Gates LLP State Street
More informationIdentity and Access Management Initiatives in the United States Government
Identity and Access Management Initiatives in the United States Government Executive Office of the President November 2008 Importance of Identity Management within the Federal Government "Trusted Identity"
More informationStrong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment
Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment IIIIII Best Practices www.gemalto.com IIIIII Table of Contents Strong Authentication and Cybercrime... 1
More informationARCHIVED PUBLICATION
ARCHIVED PUBLICATION The attached publication, NIST Special Publication 800-63 Version 1.0.2 (dated April 2006), has been superseded and is provided here only for historical purposes. For the most current
More informationDEA's New Proposed Regulations For E-Prescribing
Portfolio Media, Inc. 648 Broadway, Suite 200 New York, NY 10012 www.law360.com Phone: +1 212 537 6331 Fax: +1 212 537 6371 customerservice@portfoliomedia.com DEA's New Proposed Regulations For E-Prescribing
More informationMobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords. Mika Devonshire Associate Product Manager
Mobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords Mika Devonshire Associate Product Manager 1 Agenda 2 What is Cybersecurity? Quick overview of the core concepts 3 Cybercrime
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationCyber Security and your Financial Institution: Are you ready for the increased scrutiny related to cyber risks?
Cyber Security and your Financial Institution: Are you ready for the increased scrutiny related to cyber risks? August 27, 2014 Presented by: Terry Ammons, Partner, Porter Keadle Moore Tim Davis, Senior,
More informationDigital identity: Toward more convenient, more secure online authentication
Digital identity: Toward more convenient, more secure online authentication For more than four decades, the familiar username/password method has been the basis for authentication when accessing computer-based
More informationUpdate on Identity Management Initiatives: What Are Institutions, Agencies and Federations Doing?
Update on Identity Management Initiatives: What Are Institutions, Agencies and Federations Doing? Ann West, Michigan Technology University Jackie Charonis, Stanford University Nancy Krogh, University of
More informationNATIONAL MARINE FISHERIES SERVICE INSTRUCTION 32-110-01 JUNE 25, 2007
Department of Commerce $ National Oceanic & Atmospheric Administration $ National Marine Fisheries Service NATIONAL MARINE FISHERIES SERVICE INSTRUCTION 32-110-01 JUNE 25, 2007 Information Management Use
More informationCUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud
CUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud Presented by Tom Garcia President / CEO InfoSight, Inc. 2014 InfoSight What we ll cover today 1. The MFA & NACHA
More informationStrong Authentication. Securing Identities and Enabling Business
Strong Authentication Securing Identities and Enabling Business Contents Contents...2 Abstract...3 Passwords Are Not Enough!...3 It s All About Strong Authentication...4 Strong Authentication Solutions
More informationElectronic Authentication Guideline. -- OR -- http://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-63-2.pdf
The attached Special Publication 800-63-1 document (provided here for historical purposes) has been superseded by the following publication: Publication Number: Special Publication 800-63-2 Title: Publication
More informationELECTRONIC AUTHENTICATION. Understanding the New. Multi-factor authentication and layered security are
Understanding the New ELECTRONIC AUTHENTICATION Multi-factor authentication and layered security are helping assure safe Internet transactions for credit unions and their members. Assuring Your Online
More informationIDENTITY & ACCESS. Providing Cost-Effective Strong Authentication in the Cloud. a brief for cloud service providers
IDENTITY & ACCESS Providing Cost-Effective Strong Authentication in the Cloud a brief for cloud service providers Introduction Interest and use of the cloud to store enterprise resources is growing fast.
More informationWho s There? A Methodology for Selecting Authentication Credentials. VA-SCAN October 5, 2009 Mary Dunker dunker@vt.edu
Who s There? A Methodology for Selecting Authentication Credentials VA-SCAN October 5, 2009 Mary Dunker dunker@vt.edu Who s There? Driving by your house Do you care? Probably not -- anyone can look 2 Who
More informationHow To Comply With Ffiec
SOLUTION BRIEF authentication in the internet banking environment: The solution for FFIEC compliance from CA Technologies agility made possible Introduction to FFIEC Compliance In October of 2005, the
More informationUser Authentication Guidance for IT Systems
Information Technology Security Guideline User Authentication Guidance for IT Systems ITSG-31 March 2009 March 2009 This page intentionally left blank March 2009 Foreword The User Authentication Guidance
More information2014 Payments Fraud Survey Summary of Results
2014 Payments Fraud Survey Summary of Results Federal Reserve Bank of Dallas FIRM Financial Institution Relationship Management November 5, 2014 Contents Introduction... 2 Respondent Profile... 3 Summary
More informationCyber Liability Insurance: It May Surprise You
Cyber Liability Insurance: It May Surprise You Moderator Eugene Montgomery, President & CEO Community Financial Insurance Center Panelists Antonio Trotta, Senior Claim Counsel, CNA Specialty William Heinbokel,
More informationPhishing for Fraud: Don't Let your Company Get Hooked!
Phishing for Fraud: Don't Let your Company Get Hooked! March 2009 Approved for 1 CTP/CCM recertification credit by the Association for Financial Professionals 1 Today s Speakers: Joe Potuzak is Senior
More informationAuthentication in an Internet Banking Environment
Federal Financial Institutions Examination Council FFIEC Logo 3501 Fairfax Drive Room 3086 Arlington, VA 22226-3550 (703) 516-5588 FAX (703) 516-5487 http://www.ffiec.gov Authentication in an Internet
More informationSECURITY IMPLICATIONS OF NFC IN AUTHENTICATION AND IDENTITY MANAGEMENT
SECURITY IMPLICATIONS OF NFC IN AUTHENTICATION AND IDENTITY MANAGEMENT Dmitry Barinov SecureKey Technologies Inc. Session ID: MBS-W09 Session Classification: Advanced Session goals Appreciate the superior
More informationMANAGING RISK: SECURING DIGITAL IDENTITIES Striking the balance between user experience and security
MANAGING RISK: SECURING DIGITAL IDENTITIES Striking the balance between user experience and security You re more connected, but more at risk too Enterprises are increasingly engaging with partners, contractors
More informationHere are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online.
Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit
More informationEnhanced Security for Online Banking
Enhanced Security for Online Banking MidSouth Bank is focused on protecting your personal and account information at all times. As instances of internet fraud increase, it is no longer sufficient to use
More informationSecurity Assessment of briidge.net TM 2-Step verification for banking customers in a multichannel delivery environment that is FFIEC compliant
Security Assessment of briidge.net TM 2-Step verification for banking customers in a multichannel delivery environment that is FFIEC compliant Prepared for: By: Wesly Delva, SSCP, Information Security
More informationBiometric Recognition s Role in Identity Management
Biometric Recognition s Role in Identity Management Elisa Bertino CS Department CERIAS Purdue University bertino@cs.purdue.edu Dr. Elisa Bertino 1 What is Digital Identity? Digital Identity: Digital identity
More informationMobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard
Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands Ian Wills Country Manager, Entrust Datacard WHO IS ENTRUST DATACARD? 2 Entrust DataCard Datacard Corporation. Corporation.
More informationWhitepaper on AuthShield Two Factor Authentication with ERP Applications
Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password
More informationUnderstanding the Role of Smart Cards for Strong Authentication in Network Systems. Bryan Ichikawa Deloitte Advisory
Understanding the Role of Smart Cards for Strong Authentication in Network Systems Bryan Ichikawa Deloitte Advisory Overview This session will discuss the state of authentication today, identify some of
More informationBest Practices in Identity and Access Management (I&AM) for Regulatory Compliance. RSA Security and Accenture February 26, 2004 9:00 AM
Best Practices in Identity and Access Management (I&AM) for Regulatory Compliance RSA Security and Accenture February 26, 2004 9:00 AM Agenda Laura Robinson, Industry Analyst, RSA Security Definition of
More informationTechnical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and
Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected
More informationThe Evolution of Data Breaches
The Evolution of Data Breaches 2015 Data Privacy & Security Summit June 29, 2015 Mark Shelhart Incident Response & Forensics Retail Data Security recent victims The Largest Cyber Risks to your Organization
More informationFFIEC Authentication Guidance Examination in 2012: Are You Prepared?
FFIEC Authentication Guidance Examination in 2012: Are You Prepared? Areas of Continuity, Change, and Emphasis The Knowledge Congress LIVE Webcast March 8, 2012 Andrew Lorentz Partner, Washington, D.C.
More informationPROGRAM TO PREVENT, DETECT & MITIGATE IDENTITY THEFT
Office of Employee Benefits Administrative Manual PROGRAM TO PREVENT, DETECT & MITIGATE IDENTITY THEFT 150 EFFECTIVE DATE: AUGUST 1, 2009 REVISION DATE: PURPOSE: Ensure that the Office of Employee Benefits
More informationIDRBT Working Paper No. 11 Authentication factors for Internet banking
IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased
More informationDepartment of Veterans Affairs VA DIRECTIVE 6510 VA IDENTITY AND ACCESS MANAGEMENT
Department of Veterans Affairs VA DIRECTIVE 6510 Washington, DC 20420 Transmittal Sheet VA IDENTITY AND ACCESS MANAGEMENT 1. REASON FOR ISSUE: This Directive defines the policy and responsibilities to
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationBiometrics and National Strategy for Trusted Identities in Cyberspace Improving the Security of the Identity Ecosystem September 19
Biometrics and National Strategy for Trusted Identities in Cyberspace Improving the Security of the Identity Ecosystem September 19 Andrew Sessions, Abel Sussman Biometrics Consortium Conference Agenda
More informationA Cautionary Tale Plus Cross-Channel Risk
Dan Tobin A Cautionary Tale Plus Cross-Channel Risk IT Examiner Supervision, Regulation & Credit Dan.tobin@bos.frb.org Agenda A Cautionary Tale Shames-Yeakel v. Citizens Financial Bank Cross-Channel Risk
More informationTechnical User Group Agenda
Technical User Group Agenda December 16, 2014 Web Conference Information URL: https://www.connectmeeting.att.com Meeting Number: 8665282256 Access Code: 5251941 10:00 a.m. 10:30 a.m. (Pacific Time) Conference
More informationThese Frequently Asked Questions include information about both the Remote Identity Proofing (RIDP) and
Questions and Answers about Remote Identity Proofing and Multi- Factor Authentication About the Frequently Asked Questions These Frequently Asked Questions include information about both the Remote Identity
More informationAn NSTIC-Compliant Identity Ecosystem For Preventing Consumer Identity Theft
An NSTIC-Compliant Identity Ecosystem For Preventing Consumer Identity Theft Executive Summary Bob Pinheiro Robert Pinheiro Consulting LLC nstic@bobpinheiro.com This note proposes that emerging NSTIC-compliant
More informationSOUTH TEXAS COLLEGE. Identity Theft Prevention Program and Guidelines. FTC Red Flags Rule
SOUTH TEXAS COLLEGE Identity Theft Prevention Program and Guidelines FTC Red Flags Rule Issued June 24, 2009 Table of Contents Section Section Description Page # 1 Section 1: Program Background and Purpose
More informationInformation Technology Branch Access Control Technical Standard
Information Technology Branch Access Control Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 5 November 20, 2014 Approved: Date: November 20,
More information5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES
5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES 5 FAM 141 PURPOSE (CT-IM-112; 07-30-2010) (Office of Origin: IRM/OPS/ITI/SI/IIB) The purpose of this FAM chapter is to enable the Department to
More informationAlternative authentication what does it really provide?
Alternative authentication what does it really provide? Steve Pannifer Consult Hyperion Tweed House 12 The Mount Guildford GU2 4HN UK steve.pannifer@chyp.com Abstract In recent years many new technologies
More informationOverall, which types of fraud has your organisation experienced in the past year?
1) Overall, which types of fraud has your organisation experienced in the past year? Insider fraud Corporate Account Takeover Consumer Account Takeover ATM/ABM (skimming, ram raid, etc.) Bill pay Cheque
More informationGeneral Comments and Replies to Questions
DRAFT BSG RESPONSE TO EBA/DP/2015/03 ON FUTURE DRAFT REGULATORY TECHNICAL STANDARDS ON STRONG CUSTOMER AUTHENTICATION AND SECURE COMMUNICATION UNDER THE REVISED PAYMENT SERVICES DIRECTIVE (PSD2) General
More informationRisky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015
Risky Business Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015 What We ll Cover About Me Background The threat Risks to your organization What your organization can/should
More informationIdaho Letter of Intent for 2015 MeF
Overview Industry Trusted Customer Requirements Idaho Letter of Intent for 2015 MeF The industry, state and IRS partners recognize that even though fraud filings will still occur, we all must be proactive
More informationResearch Article. Research of network payment system based on multi-factor authentication
Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(7):437-441 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 Research of network payment system based on multi-factor
More informationMobile Medical Devices and BYOD: Latest Legal Threat for Providers
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
More informationEd McMurray, CISA, CISSP, CTGA CoNetrix
Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats
More informationDesigning federated identity management architectures for addressing the recent attacks against online financial transactions.
Designing federated identity management architectures for addressing the recent attacks against online financial transactions. Dr. Christos K. Dimitriadis Security Officer INTRALOT S.A. Scope and Agenda
More informationEntrust IdentityGuard
+1-888-437-9783 sales@identisys.com IdentiSys.com Distributed by: Entrust IdentityGuard is an award-winning software-based authentication enterprises and governments. The solution serves as an organization's
More informationUser Authentication for Software-as-a-Service (SaaS) Applications White Paper
User Authentication for Software-as-a-Service (SaaS) Applications White Paper User Authentication for Software-as-a-Service (SaaS) Applications White Paper Page 1 of 16 DISCLAIMER Disclaimer of Warranties
More informationIdentity: The Key to the Future of Healthcare
Identity: The Key to the Future of Healthcare Chief Medical Officer Anakam Identity Services July 14, 2011 Why is Health Information Technology Critical? Avoids medical errors. Up to 98,000 avoidable hospital
More informationv. ) Case No. PETITION cause of action against Defendant, BancorpSouth Bank ("BancorpSouth"), states as follows:
1 IN THE CIRCUIT COURT OF GREENE COUNTY, MISSOURI DIVISION CHOICE ESCROW AND LAND TITLE, LLC, ) ) Plaintiff, ) ) v. ) Case No. ) BANCORPSOUTH BANK, ) Serve: Rodney Nichols, Agent, ) Carnahan, Evans, Cantwell
More informationTHE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS
THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What
More informationE-MAIL & INTERNET FRAUD
FRAUD ALERT! FRAUD ALERT! Guarding Against E-MAIL & INTERNET FRAUD What credit union members should know to counter Phishing Pharming Spyware Online fraud On-Line Fraud Is Growing E-Mail and Internet Fraud
More informationAudio: This overview module contains an introduction, five lessons, and a conclusion.
Homeland Security Presidential Directive 12 (HSPD 12) Overview Audio: Welcome to the Homeland Security Presidential Directive 12 (HSPD 12) overview module, the first in a series of informational modules
More informationSecuring Cloud Applications with Two-Factor Authentication
Institute of Parallel and Distributed Systems University of Stuttgart Universitätsstraße 38 D 70569 Stuttgart Master Thesis Nr. 3452 Securing Cloud Applications with Two-Factor Authentication Umair Ashraf
More informationRemote Deposit Quick Start Guide
Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies
More informationBiometrics and Cyber Security
Biometrics and Cyber Security Key Considerations in Protecting Critical Infrastructure Now and In The Future Conor White, Chief Technology Officer, Daon Copyright Daon, 2009 1 Why is Cyber Security Important
More informationPACB One-Day Cybersecurity Workshop
PACB One-Day Cybersecurity Workshop WHAT IS CYBERSECURITY? PRESENTED BY: JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Masters of Info Assurance
More informationBusiness Online Banking Quick Users Guide
Business Online Banking Quick Users Guide Business Online Banking Quick Users Guide Table of Contents Overview 2 First Time Login 2 Security 4 Contact Points 4 Registering your Browser / Computer 5 Adding,
More informationFederal Reserve Bank of Dallas. September 14, 2001 SUBJECT. Guidance on Authentication in Electronic Banking DETAILS
ll K Federal Reserve Bank of Dallas DALLAS, TEXAS 75265-5906 September 14, 2001 Notice 01-67 TO: The Chief Executive Officer of each financial institution and others concerned in the Eleventh Federal Reserve
More informationRSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief
RSA SecurID Authentication in Action: Securing Privileged User Access RSA SecurID solutions not only protect enterprises against access by outsiders, but also secure resources from internal threats The
More informationComodo Authentication Solutions Overview
Comodo Authentication Solutions Overview Client Authentication Certificates Two-Factor Authentication Content Verification Certificates Mutual Authentication Foreword Conducting business online offers
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationOakland Family Services - Was Your Email Hacked?
Oakland Family Services Information Breach FAQs 1. What happened? An unauthorized individual remotely gained access to the email account of one Oakland Family Services employee July 14, 2015 resulting
More informationA brief on Two-Factor Authentication
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
More information