Look at how these ENISA folks work. Impressive, lol.
Looking forward to the results!!! ^^
Survey on Authentication Mechanisms in eFinance and ePayment services
This survey is being launched by ENISA (European Network and Information Security Agency). Its purpose is to collect information about the eIDAS (electronic Identity and Authentication Systems) used in e-Finance and e-Payment systems, analyse the risks associated with each eIDAS mechanism, and produce a Guidelines report with the best practices recommended to the main actors of this sector: Financial institutions, Merchants and Payment Service providers.
By participating in this survey, you will have the opportunity to get access to the draft report, make comments, influence those recommendations and start early implementation of them, improving the security of your services.
An important role of ENISA is to provide its stakeholders with guidelines on topics that are related to Network & Information Security (NIS) - especially those topics that are associated with the correct identification of users. Particular focus will be put on informing main stakeholders in the public sector on how risks are evolving and proposing suitable mitigation strategies.
This project will concentrate on e-identity management risks in the financial sector: phishing, id-theft, session and identity hijacking, etc. Some financial institutions still are not considering the risk associated with the use of inadequate authentication mechanisms, and this project will collect information about the amount of fraud supported by financial institutions, correlating it with the kind of authentication mechanisms implemented, so that they could evaluate the cost/benefit associated with the implementation of additional authentication mechanisms, depending on the actual estimation of risk, based on the survey analysis.
The goals of this project will be as follows:
Identify Authentication mechanisms used in financial and payment services, and the associated risks in collaboration with key stakeholders in the sector.
Summarise the result of this analysis in a common perspective.
Produce guidelines about the best identification and authentication mechanisms to be used to prevent identity theft or spoofing, based on identified risks and some typical use cases.
Formulation of key messages to the sector on policies and capabilities improvement.
Disseminate the results.
1. Survey objectives
Identify electronic Identification & Authentication (eIDAS) mechanisms used in eFinance and ePayment services.
Most relevant One-step mechanisms
Nested / chain / multi-factor mechanisms
In the e-Banking applications, the application of eID mechanisms to different types of operations, e.g.: read data, modify credentials, money transfer, etc.
Identify characteristics of transactions / operations that share same eIDAS, e.g.:
Scope: internal / external / international
Risk: identify value thresholds
2. Timelines and working methods
The survey should be carried out until 30th June 2013.
During June and July a collection of Attack Patterns and their impact on the eFinance and ePayment service providers will be carried out.
During August and September, the collected data will be compiled and summarised in a draft report.
During October, a number of presentations and meetings will take place, in order to collect comments on the recommendations stated in the draft report.
During November, those comments will be addressed in the production of the final report of the project.
Which of the following authentication mechanisms have you used for your eFinance and ePayment transactions/operations? (Required)
Username/Password
Virtual Keyboard
Partial Password
Keystroke dynamics
Handwritten Signature
Fingerprint recognition
Voice recognition
Facial recognition
Hand geometry recognition
TAN code list or coordinates card
SMS-based OTP
Hardware (Token) OTP
Mobile OTP App (Token)
QR code OTP
Computer Stored Key - eSignature
Token (USB, memory card) - eSignature
Chip card (e-Identity card) - eSignature
Mobile phone - eSignature
Device Registration
Mobile eBanking Application
Other