Authentication options |
 |
| 16 Aug 2006 |
|
|
Webcast: FFIEC: How to comply with the authentication regulation
Length: 60 minutes
The Federal Financial Institutions Examination Council (FFIEC) has mandated that financial institutions secure online transactions by deploying two-factor authentication. However, the regulation is not prescriptive and is open to interpretation. This webcast sets the record straight on what organizations need to do to comply, with a focus on the technologies the FFIEC deems acceptable. Bowers also outlines the benefits of rolling out a similar authentication strategy for organizations that are not required to comply with the mandate.
Technical article: Authentication in the real world: Moving from strategy to implementation
Security practitioners are often challenged to effectively roll out a strong authentication system across a heterogeneous IT environment. In this article, you get advice for converting a strategic authentication decision into an actual implementation plan. Bowers explores issues such as the value in assigning a single LDAP corporate directory, and the pros and cons of utilizing group policy at the directory level.
Podcast: Balancing the authentication equation
Length: 10 minutes
When deploying any authentication option, businesses need to weigh several factors, notably cost and usability. In many cases, they're looking for non-invasive forms of authentication that won't interrupt the user experience. In other instances, the goal is stronger authentication at all costs. The podcast will help businesses understand the right authentication options for their diverse user communities, such as employees, partners, suppliers and customers. The emphasis will be on how best to secure access, keep regulators at bay and spend money wisely.
Quiz
Take this five-question quiz to see how much you've learned about authentication.
About the instructor
Tom Bowers, CISSP, PMP and a Certified Ethical Hacker, is a well known expert on the topics of ethical hacking, penetration testing and protection of the global enterprise. He serves as the managing director of the independent think tank and industry analyst group Security Constructs LLC. He is president of the Philadelphia chapter of Infragard. Bowers has worked in the computer field since the early 1980s and uses his years of experience in penetration testing, security project management, security product evaluation and implementation, and computer forensics for clients on a consulting basis throughout the U.S. He is a technical editor of Information Security magazine and a regular speaker at events like SearchSecurity.com's Information Security Decisions.
|
|
|
|
|
When deploying any authentication option – whether to comply with the FFIEC's two-factor authentication mandate or simply strengthen access controls – businesses need to weigh several factors to decide which option best suits their needs. In this lesson, guest instructor Tom Bowers, manager of information security operations for a fortune 100 pharmaceutical company, helps you understand the FFIEC's mandate, how to choose the right authentication option for diverse user communities and how to implement an authentication strategy.
