Home page logo
/

educause logo Educause Security Discussion mailing list archives

Effective practice? RE: FTC and Red Flag Rule
From: Theresa Semmens <theresa.semmens () NDSU EDU>
Date: Wed, 8 Oct 2008 15:19:16 -0500

The document Kevin is describing might be good to use as an effective
practice.



Theresa Semmens, CISA
NDSU IT Security Officer
PO Box 6050
North Dakota State University
Fargo, ND 58108
Phone: 701-231-5870
FAX: 701-231-8541
Theresa.Semmens () ndsu edu

"Opportunity is missed by most people because it is dressed in overalls and
looks like work."  Thomas Edison



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sewell, Michael K.
Sent: Wednesday, October 08, 2008 3:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] FTC and Red Flag Rule



I second that; I'd be very interested as well.



---

Michael K. Sewell

Director, IT Security

University of Oklahoma

405.325.4862





From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Theresa Semmens
Sent: Wednesday, October 08, 2008 3:09 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] FTC and Red Flag Rule



Would you be willing to share with the group?  I'm sure many would be
interested in using your document as a template.



Theresa Semmens, CISA
NDSU IT Security Officer
PO Box 6050
North Dakota State University
Fargo, ND 58108
Phone: 701-231-5870
FAX: 701-231-8541
Theresa.Semmens () ndsu edu

"Opportunity is missed by most people because it is dressed in overalls and
looks like work."  Thomas Edison



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sherry, Cathy
Sent: Wednesday, October 08, 2008 2:54 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] FTC and Red Flag Rule



Kevin,



I am very interested in getting a copy of your document.  Our GC is unsure
also.






:: Catherine Sherry, CISSP, CISA - Principal Security Specialist
:: University Information Technology Services (UITS)
:: University of Massachusetts President's Office


:: 508-856-1547
:: 508-856-4844 Fax
::  <mailto:csherry () umassp edu> csherry () umassp edu

University of Massachusetts : 333 South St. : Suite 400 : Shrewsbury, MA
01545 :  <http://www.massachusetts.edu/> www.massachusetts.edu



  _____

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mclaughlin, Kevin
(mclaugkl)
Sent: Wednesday, October 08, 2008 3:38 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] FTC and Red Flag Rule



Hi Anand:



We are affected, or at least that is what my treasurer, GC and myself
believe based on our research into this.    I am currently going through the
final set of red flag rules and trying to prepare a high level executive
summary of what I think this means.  Of the 328 pages I have been able to
drop it down to 120 and am hoping to get that to a document under 10 pages
that is basically a  "this is what you should be doing" doc.



If interested in getting a copy of that document (probably be early next
week before I am finished with it) just let me know.



-Kevin





Kevin L. McLaughlin

CISM, CISSP, GIAC-GSLC,PMP, ITIL Master Certified

Director, Information Security

University of Cincinnati

513-556-9177 (w)

513-703-3211 (m)

513-558-ISEC (department)





 UC-Logo-800






CONFIDENTIALITY NOTICE: This e-mail message and its content is confidential,
intended solely for the addressee, and may be legally privileged. Access to
this message and its content by any individual or entity other than those
identified in this message is unauthorized. If you are not the intended
recipient, any disclosure, copying or distribution of this e-mail may be
unlawful. Any action taken or omitted due to the content of this message is
prohibited and may be unlawful.





From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand Malwade
Sent: Wednesday, October 08, 2008 3:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] FTC and Red Flag Rule




Hi,

Does anyone know if Educational Institutions are affected by the FTC's Red
flag rule about maintaining an Identity Theft program ? If yes has anyone
implemented or has a roadmap for deployment?
In my opinion if the rule is indeed applicable, the Institution's Legal
Counsel should drive the initiative and not IT.

Any suggestions are welcome.



<http://www.dciginc.com/2008/08/ftc-issues-red-flag-rules-reminder-ensuring-
i.html>
http://www.dciginc.com/2008/08/ftc-issues-red-flag-rules-reminder-ensuring-i
.html

 <http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm>
http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm



Thanks,
Anand



Anand Malwade, CISSP,CISM,CISA.
Information Security Officer,
Seton Hall University,
malwadan () shu edu


  By Date           By Thread  

Current thread:
  • Effective practice? RE: FTC and Red Flag Rule Theresa Semmens (Oct 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]