Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: FTC and Red Flag Rule
From: Anand Malwade <malwadan () SHU EDU>
Date: Wed, 8 Oct 2008 15:49:16 -0400

Hi Kevin,

Thanks for the response ! and yes i would very much appreciate a copy of 
your document. Interestingly, our GC is not 100% sure of its applicability 
to us but from the postings on NACUBO looks like we are.

regards,
Anand


Anand Malwade, CISSP,CISM,CISA.
Information Security Officer,
Seton Hall University,
malwadan () shu edu 




"Mclaughlin, Kevin (mclaugkl)" <mclaugkl () UCMAIL UC EDU> 
Sent by: The EDUCAUSE Security Constituent Group Listserv 
<SECURITY () LISTSERV EDUCAUSE EDU>
10/08/2008 03:38 PM
Please respond to
The EDUCAUSE Security Constituent Group Listserv 
<SECURITY () LISTSERV EDUCAUSE EDU>


To
SECURITY () LISTSERV EDUCAUSE EDU
cc

Subject
Re: [SECURITY] FTC and Red Flag Rule






Hi Anand:
 
We are affected, or at least that is what my treasurer, GC and myself 
believe based on our research into this.    I am currently going through 
the final set of red flag rules and trying to prepare a high level 
executive summary of what I think this means.  Of the 328 pages I have 
been able to drop it down to 120 and am hoping to get that to a document 
under 10 pages that is basically a  “this is what you should be doing” 
doc.
 
If interested in getting a copy of that document (probably be early next 
week before I am finished with it) just let me know.
 
-Kevin
 
 
Kevin L. McLaughlin
CISM, CISSP, GIAC-GSLC,PMP, ITIL Master Certified 
Director, Information Security
University of Cincinnati
513-556-9177 (w)
513-703-3211 (m)
513-558-ISEC (department)
 
 
 
 

CONFIDENTIALITY NOTICE: This e-mail message and its content is 
confidential, intended solely for the addressee, and may be legally 
privileged. Access to this message and its content by any individual or 
entity other than those identified in this message is unauthorized. If you 
are not the intended recipient, any disclosure, copying or distribution of 
this e-mail may be unlawful. Any action taken or omitted due to the 
content of this message is prohibited and may be unlawful.
 
 
From: The EDUCAUSE Security Constituent Group Listserv 
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand Malwade
Sent: Wednesday, October 08, 2008 3:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] FTC and Red Flag Rule
 

Hi, 

Does anyone know if Educational Institutions are affected by the FTC's Red 
flag rule about maintaining an Identity Theft program ? If yes has anyone 
implemented or has a roadmap for deployment? 
In my opinion if the rule is indeed applicable, the Institution's Legal 
Counsel should drive the initiative and not IT. 

Any suggestions are welcome. 


http://www.dciginc.com/2008/08/ftc-issues-red-flag-rules-reminder-ensuring-i.html 


http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm 



Thanks, 
Anand 



Anand Malwade, CISSP,CISM,CISA.
Information Security Officer,
Seton Hall University,
malwadan () shu edu 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]