The FFIEC doesn't dictate specific technologies, but it makes it clear that financial institutions have to monitor for attacks, have a response plan and "ensure sufficient staffing for the duration of the DDoS attack and consider hiring pre-contracted third-party servicers, as appropriate, that can assist in managing the Internet-related traffic flow." In addition, banks are expected to "identify how the institution's ISP can assist in responding to and mitigating an attack."The FFIEC also wants banks and others to share attack details with the Financial Services Information Sharing and Analysis Center and law enforcement.
The FFIEC statement points to a number of references, such as the "DDoS Quick Guide" from the Department of Homeland Security and publications from the National Institute of Standards and Technology
Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: firstname.lastname@example.org
Read more about wide area network in Network World's Wide Area Network section.