Educause Security Discussion mailing list archives

Re: Red Flag ownership

From: Cathy Hubbs <hubbs () AMERICAN EDU>
Date: Wed, 12 Nov 2008 09:45:12 -0500

Our Risk Management Office is taking the lead "owns" the responsibility of
drafting the policy and program with consultation and input from our
General Counsel and IT Security Office.

Cathy Hubbs
Chief Information Security Officer
American University




Erik Decker <edecker () LUC EDU>
Sent by: The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
11/12/2008 09:24 AM
Please respond to
The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>


To
SECURITY () LISTSERV EDUCAUSE EDU
cc

Subject
[SECURITY] Red Flag ownership






There has been some discsussion at our university on which department
should be "own" the Red Flag rule, released by the FTC.  I know that
enforcement of this rule has been deferred, however for the time being we
are still evaluating how we will respond to it.

Is your IT(S) Division taking ownership, or is your Finance Division
taking ownership?  Is there some other department?

I will compile the list of responses and post back to this list.

Many thanks!

----
Erik Decker
Security Administrator
Information Technology Services

Current thread:

Red Flag ownership Erik Decker (Nov 12)
- <Possible follow-ups>
- Re: Red Flag ownership Cathy Hubbs (Nov 12)
- Re: Red Flag ownership Anand Malwade (Nov 12)
- Re: Red Flag ownership Basgen, Brian (Nov 12)