Educause Security Discussion mailing list archives
Re: Red Flag ownership
From: Anand Malwade <malwadan () SHU EDU>
Date: Wed, 12 Nov 2008 09:57:58 -0500
The ownership should ideally be under Legal and Compliance and all other departments that have PII are the stakeholders. IT will have a major role to play that includes developing a Training and Awareness Program as a preventive measure to mitigate the risk of Identity Theft. Anand Anand Malwade Information Security Officer, Seton Hall University, Tel: 973 275 2209 malwadan () shu edu Erik Decker <edecker () LUC EDU> Sent by: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> 11/12/2008 09:25 AM Please respond to The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> To SECURITY () LISTSERV EDUCAUSE EDU cc Subject [SECURITY] Red Flag ownership There has been some discsussion at our university on which department should be "own" the Red Flag rule, released by the FTC. I know that enforcement of this rule has been deferred, however for the time being we are still evaluating how we will respond to it. Is your IT(S) Division taking ownership, or is your Finance Division taking ownership? Is there some other department? I will compile the list of responses and post back to this list. Many thanks! ---- Erik Decker Security Administrator Information Technology Services
Current thread:
- Red Flag ownership Erik Decker (Nov 12)
- <Possible follow-ups>
- Re: Red Flag ownership Cathy Hubbs (Nov 12)
- Re: Red Flag ownership Anand Malwade (Nov 12)
- Re: Red Flag ownership Basgen, Brian (Nov 12)