FSTC Call for Participation: Counter-Phishing Phase I

R. A. Hettinga rah at shipwright.com
Wed Jun 2 20:55:52 EDT 2004


--- begin forwarded text


Date: Wed, 02 Jun 2004 17:17:48 -0400
From: Jim Salters <jim.salters at fstc.org>
Subject: FSTC Call for Participation: Counter-Phishing Phase I
To: members at ls.fstc.org
thread-index: AcRI5w3YXO0+/SUMRSeOkiOpFEA8WQ==
List-Post: <mailto:members at ls.fstc.org>
List-Subscribe: <http://ls.fstc.org/subscribe>,
 <mailto:members-request at ls.fstc.org?body=subscribe>
List-Archive: <http://ls.fstc.org/archives/members/>
List-Help: <http://ls.fstc.org/elists/admin.shtml>,
 <mailto:members-request at ls.fstc.org?body=help>
List-Id: <members.ls.fstc.org>

To: FSTC Members and Friends
From: Jim Salters, Director of Tech Initiatives and Project Development

We are pleased to issue this call for participation in FSTC's
Counter-Phishing Phase I initiative.  You can download the project
prospectus at: http://fstc.org/projects/new.cfm#phishing .

The cost to financial institutions for this 5-month project is $20,000, and
technology companies $15,000.  These project fees are tiered by the same
percentage as FSTC's membership tiers (see below).  Participation
commitments are requested by June 18th.

An informational conference call has been scheduled for:

Wednesday June 9th, 2pm EDT
512-225-3050, 71782#
__________________

Project Summary:

FSTC proposes to launch a three-phase initiative to address the problem of
phishing in financial services as it affects the relationship between
customer and firm. In collaboration with other industry groups, FSTC will
focus on defining the unique technical and operating requirements of
financial institutions (FIs) for counter-phishing measures; investigating
counter-phishing technical solutions, proving and piloting solution sets
enabled by technology to determine their fit against FI criteria and
requirements; and clarifying the infrastructure fit, requirements, and
impact of these technologies when deployed in concert with customer
education, enforcement and other industry initiatives.

Phase 1 will last five months. Principal deliverables for Phase 1 comprise
knowledge statements and options, recommendations, and plans for
implementations, including:

*  A registry of current and known future phishing threat, vulnerabilities
and attack models
*  A cost/impact framework for the assessment of counter-phishing options
*  A taxonomy of phishing
*  A comprehensive inventory of available solutions sets
*  The financial services operating criteria and technical requirements for
counter-phishing solutions
*  A compendium of proposals to pilot, test and evaluate promising
solutions, with implementation, test and resource plans
*  A test plan and evaluation criteria
*  An executive summary and recommendations for "quick hit" implementations,
if any; new tools development; and design of dynamic technical monitoring
and threat updating capability
__________________

Project Fees:

Financial Institutions:
 	$20,000 Assets over $100 billion (including affiliates)
 	$16,000 Assets from $50 to $99 billion (including affiliates)
 	$12,000 Assets from $20 to $49 billion (including affiliates)
 	$4,400 Assets under $19 billion (including affiliates)

Technology Companies:
 	$15,000 Revenue/funding over $100 million
 	$12,000 Revenue/funding from $50 to $99 million
 	$9,000 Revenue/funding from $20 to $49 million
 	$3,300 Revenue/funding under $19 million



----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://ls.fstc.org/subscriber>

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list