PRO+ Premium Content/Information Security

Thank you for joining!
Access your Pro+ Content below.
June 2007

Interview: FDIC director explains FFIEC standard

FFIEC aims to make online banking safe for consumers by forcing financial services institutions to assess the risks in their environments and deploy appropriate controls such as strong authentication. Michael L. Jackson, associate director of the FDIC, helped develop the guidance two years ago; six months after the Dec. 31, 2006 compliance deadline, Jackson assesses FFIEC's impact so far. Michael L. Jackson What's your sense for compliance? Are most financial services institutions compliant--or close? Our early kick-of-the-tires indications are that yes, the industry has responded positively to the guidance. Keep in mind, the agencies are not doing anything different outside the normal exam process. If an organization is scheduled for an exam, the exam will proceed and we will look at the guidance. If an institution is not scheduled for an exam, we will not go in specifically to look just at the guidance. What are some of the concerns being expressed by institutions that may be struggling to comply? Some of the questions were ...

Access this PRO+ Content for Free!

Features in this issue

  • SIMs maturing and suitable for mid-market

    Security information management systems (SIMs) tools have expanded with more capabilities such as active threat response. The broadening of the technology will provide security managers with a sharper view of their overall security posture.

  • Product review: nCircle Configuration Compliance Manager

    nCircle Configuration Compliance Manager brings policy compliance and secuirty management into one centralized software suite. It provides vulnerability scanning via third-party scanners such as Nessus. This product review rates the software's ease of installation, features and effectiveness.

  • Encryption key management blunders can render deployments useless

    Encryption sounds like an ideal way to protect data but key management, including accountability, training, and enforcement of password complexity, are challenging.

Columns in this issue