Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: FTC and Red Flag Rule
From: "Sherry, Cathy" <csherry () UMASSP EDU>
Date: Wed, 8 Oct 2008 15:54:29 -0400

Kevin, 

 

I am very interested in getting a copy of your document.  Our GC is
unsure also.

 




:: Catherine Sherry, CISSP, CISA - Principal Security Specialist
:: University Information Technology Services (UITS)
:: University of Massachusetts President's Office


:: 508-856-1547
:: 508-856-4844 Fax
::  <mailto:csherry () umassp edu> csherry () umassp edu

University of Massachusetts : 333 South St. : Suite 400 : Shrewsbury, MA
01545 :  <http://www.massachusetts.edu/> www.massachusetts.edu

 

  _____  

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mclaughlin, Kevin
(mclaugkl)
Sent: Wednesday, October 08, 2008 3:38 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] FTC and Red Flag Rule

 

Hi Anand:

 

We are affected, or at least that is what my treasurer, GC and myself
believe based on our research into this.    I am currently going through
the final set of red flag rules and trying to prepare a high level
executive summary of what I think this means.  Of the 328 pages I have
been able to drop it down to 120 and am hoping to get that to a document
under 10 pages that is basically a  "this is what you should be doing"
doc.

 

If interested in getting a copy of that document (probably be early next
week before I am finished with it) just let me know.

 

-Kevin

 

 

Kevin L. McLaughlin

CISM, CISSP, GIAC-GSLC,PMP, ITIL Master Certified  

Director, Information Security

University of Cincinnati

513-556-9177 (w)

513-703-3211 (m)

513-558-ISEC (department)

 

 

 UC-Logo-800

 


CONFIDENTIALITY NOTICE: This e-mail message and its content is
confidential, intended solely for the addressee, and may be legally
privileged. Access to this message and its content by any individual or
entity other than those identified in this message is unauthorized. If
you are not the intended recipient, any disclosure, copying or
distribution of this e-mail may be unlawful. Any action taken or omitted
due to the content of this message is prohibited and may be unlawful.

 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand Malwade
Sent: Wednesday, October 08, 2008 3:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] FTC and Red Flag Rule

 


Hi, 

Does anyone know if Educational Institutions are affected by the FTC's
Red flag rule about maintaining an Identity Theft program ? If yes has
anyone implemented or has a roadmap for deployment? 
In my opinion if the rule is indeed applicable, the Institution's Legal
Counsel should drive the initiative and not IT. 

Any suggestions are welcome. 


 
<http://www.dciginc.com/2008/08/ftc-issues-red-flag-rules-reminder-ensur
ing-i.html>
http://www.dciginc.com/2008/08/ftc-issues-red-flag-rules-reminder-ensuri
ng-i.html 

 <http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm>
http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm 



Thanks, 
Anand 



Anand Malwade, CISSP,CISM,CISA.
Information Security Officer,
Seton Hall University,
malwadan () shu edu 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]