Educause Security Discussion mailing list archives

Re: Red Flag ownership

From: Anand Malwade <malwadan () SHU EDU>
Date: Wed, 12 Nov 2008 09:57:58 -0500

The ownership should ideally be under Legal and Compliance and all other
departments that have PII are the stakeholders. IT will have a major role
to play that includes developing a Training and Awareness Program as a
preventive measure to mitigate the risk of Identity Theft.

Anand


Anand Malwade
Information Security Officer,
Seton Hall University,
Tel: 973 275 2209
malwadan () shu edu



Erik Decker <edecker () LUC EDU>
Sent by: The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
11/12/2008 09:25 AM
Please respond to
The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>


To
SECURITY () LISTSERV EDUCAUSE EDU
cc

Subject
[SECURITY] Red Flag ownership






There has been some discsussion at our university on which department
should be "own" the Red Flag rule, released by the FTC.  I know that
enforcement of this rule has been deferred, however for the time being we
are still evaluating how we will respond to it.

Is your IT(S) Division taking ownership, or is your Finance Division
taking ownership?  Is there some other department?

I will compile the list of responses and post back to this list.

Many thanks!

----
Erik Decker
Security Administrator
Information Technology Services

Current thread:

Red Flag ownership Erik Decker (Nov 12)
- <Possible follow-ups>
- Re: Red Flag ownership Cathy Hubbs (Nov 12)
- Re: Red Flag ownership Anand Malwade (Nov 12)
- Re: Red Flag ownership Basgen, Brian (Nov 12)