Re: FTC and Red Flag Rule

[Allen Barrett <sabarrett () HARDING EDU>]

If you don't mind, I'd also be very interested in what you're putting
together.  Thanks for offering to share.  :)

On Fri, Oct 10, 2008 at 10:05 AM, Ed Nila <enila () pacificoaks edu> wrote:

>  Kevin,
>
>
>
> As with the others I would also be interested in your findings.
>
>
>
> Ed Nila
>
>
>  ------------------------------
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Smith, Bob
> *Sent:* Thursday, October 09, 2008 9:09 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] FTC and Red Flag Rule
>
>
>
> Kevin,
>
>
>
> I would be interested in this information.
>
>
>
> Bob Smith
>
> Information Security Officer
>
> Longwood University
>
>
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Mclaughlin, Kevin
> (mclaugkl)
> *Sent:* Wednesday, October 08, 2008 3:38 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] FTC and Red Flag Rule
>
>
>
> Hi Anand:
>
>
>
> We are affected, or at least that is what my treasurer, GC and myself
> believe based on our research into this.    I am currently going through the
> final set of red flag rules and trying to prepare a high level executive
> summary of what I think this means.  Of the 328 pages I have been able to
> drop it down to 120 and am hoping to get that to a document under 10 pages
> that is basically a  "this is what you should be doing" doc.
>
>
>
> If interested in getting a copy of that document (probably be early next
> week before I am finished with it) just let me know.
>
>
>
> -Kevin
>
>
>
>
>
> Kevin L. McLaughlin
>
> CISM, CISSP, GIAC-GSLC,PMP, ITIL Master Certified
>
> Director, Information Security
>
> University of Cincinnati
>
> 513-556-9177 (w)
>
> 513-703-3211 (m)
>
> 513-558-ISEC (department)
>
>
>
>
>
>  [image: UC-Logo-800]
>
>
>
> CONFIDENTIALITY NOTICE: This e-mail message and its content is
> confidential, intended solely for the addressee, and may be legally
> privileged. Access to this message and its content by any individual or
> entity other than those identified in this message is unauthorized. If you
> are not the intended recipient, any disclosure, copying or distribution of
> this e-mail may be unlawful. Any action taken or omitted due to the content
> of this message is prohibited and may be unlawful.
>
>
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Anand Malwade
> *Sent:* Wednesday, October 08, 2008 3:24 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] FTC and Red Flag Rule
>
>
>
>
> Hi,
>
> Does anyone know if Educational Institutions are affected by the FTC's Red
> flag rule about maintaining an Identity Theft program ? If yes has anyone
> implemented or has a roadmap for deployment?
> In my opinion if the rule is indeed applicable, the Institution's Legal
> Counsel should drive the initiative and not IT.
>
> Any suggestions are welcome.
>
>
>
> http://www.dciginc.com/2008/08/ftc-issues-red-flag-rules-reminder-ensuring-i.html
>
> http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm
>
>
>
> Thanks,
> Anand
>
>
>
> Anand Malwade, CISSP,CISM,CISA.
> Information Security Officer,
> Seton Hall University,
> malwadan () shu edu



--
Allen Barrett
IT Security Administrator
Harding University
Admin 304
(501) 279-4198