Creating Your Red Flags Rule Playbook

Even with organizations tightening up data security measures, cybercriminals have become very sophisticated and continue to find ways to steal personal information and use it to open or access accounts. According to Javelin Strategies, incidences of identity theft grew by 11 percent from 2008 to 2009 altering the lives of 11 million Americans. If that pattern continues, one in every 20 Americans will be a victim of identity theft this year. The Red Flags Rule, which is enforceable as of June 1, 2010, and carries significant financial recourse for non-compliance, requires organizations across multiple industries to implement additional data security measures and be able to identify the danger signs of fraudulent activity.

In this 30-minute webcast, you will learn key tips for developing your Red Flags Rule playbook so that you can effectively:

1. Enhance your data security practices
2. Harmonize data security control requirements across other data protection regulations such as PCI DSS
3. Monitor controls that the Federal Trade Commission mandates
4. Respond to red flags as they are identified

Published in: Technology
Speaker notes
  • Just getting something down on paper won’t reduce the risk of identity theft. That’s why the Red Flags Rule sets out requirements on how to incorporate your Program into the daily operations of your business. Your board of directors (or a committee of the board) has to approve your first written Program. If you don’t have a board, approval is up to an appropriate senior-level employee. Your Program must state who’s responsible for implementing and administering it effectively. Because your employees have a role to play in preventing and detecting identity theft, your Program also must include appropriate staff training. If you outsource or subcontract parts of your operations that would be covered by the Rule, your Program also must address how you’ll monitor your contractors’ compliance. The Red Flags Rule gives you the flexibility to design a Program appropriate for your company – its size and potential risks of identity theft. While some businesses and organizations may need a comprehensive Program that addresses a high risk of identity theft in a complex organization, others with a low risk of identity theft could have a more streamlined Program.
  • The Lumension compliance and IT risk management framework consists of four major workflow steps: Identify, Assess, Remediate, Manage.
  • Four main challenges to efficient compliance and IT risk management. Misinterpretation of policy and control: fragmented functional silos lead to a non-standardized interpretation and implementation of organizational policy. Lack of regulatory knowledge: increasing regulation places an inordinate amount of demand on the organization's resources, which must interpret policy and then define its impact for the organization, as well as any changes to policy. Companies are increasingly turning to third-party consulting to help define the impact of regulations and to define policy, leading to an explosion in the cost of compliance. Manual & disparate processes: companies rely on manual and ad hoc audit processes to gain visibility into their overall compliance and IT risk posture. This leads to "compliance by Excel" and multiple, disparate databases that prevent a more streamlined and automated workflow that could be standardized for greater efficiency. Fragmented IT visibility: with fragmented data being collected, the organization has no way to instantaneously see what its compliance and IT risk posture is, and so relies on more ad hoc audits, putting additional strain on existing IT resources.
  • LCRM enables the organization to define and maintain its own compliance and IT risk management framework, consolidate and centralize data, and standardize workflows. In doing this, organizations can achieve: improvement in overall IT risk and compliance visibility; reduced reliance on third-party consulting and auditing resources; continuous monitoring of compliance and IT risk posture; and optimized IT resources to proactively and efficiently address IT risk and compliance exposure.

    1. Creating Your Red Flags Rule Playbook, May 2010
    2. Growing Identity Theft
      • Incidences of identity theft grew by 11 percent from 2008 to 2009, altering the lives of 11 million Americans *
      • One in every 20 Americans will be a victim of identity theft this year *
      * Javelin Strategy & Research 2010 Identity Fraud Survey Report
    3. Agenda
      • Overview of the Red Flags Rule and who must comply
      • Learn how to enhance your data security practices
      • Harmonize security controls across multiple mandates such as PCI DSS
      • Monitor controls that the Federal Trade Commission mandates
      • Effectively respond to red flags as they are identified
    4. Today's Speakers
      • Jeff Hughes, Director, Solution Marketing, Lumension
      • Brandon Dunlap, Managing Director of Research, Brightfly
    5. Red Flags Rule – the What, Why, Who and When?
    6. What is the Red Flags Rule Regulation?
      • The red flags fall into five categories:
        • Alerts, notifications, or warnings from a consumer reporting agency
        • Suspicious documents
        • Suspicious personally identifying information (e.g. a suspicious address)
        • Unusual use relating to a covered account
        • Notices from customers, victims of identity theft, law enforcement authorities, or other businesses about possible identity theft in connection with covered accounts
    7. Who Must Comply with the Red Flags Rule?
      • Applies to "financial institutions" and "creditors"
        • Financial institution: a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or any other person that, directly or indirectly, holds a transaction account belonging to a consumer.
        • Creditor: organizations that regularly defer payment for goods or services, or provide goods or services and bill customers later.
    8. Enforcement of Red Flags Rule
      • Compliance deadline: anyone with "covered accounts" must be compliant as of June 1, 2010.
      • Audits: the FTC can conduct investigations to determine whether a business has taken appropriate steps to develop and implement a written Program, as required by the Rule. If a violation occurs, the FTC can bring an enforcement action.
    9. Penalties for Non-Compliance
      • The FTC can seek both monetary civil penalties and injunctive relief for violations.
      • $3,500 is the maximum civil penalty per violation instance.
      • Additional costs could include:
        • Civil suits
        • Reporting and document retention requirements
        • Compliance requirements via court order
    10. Enhancing Data Security Practices
    11. Red Flags Rule and Your Security Program
      • 1. Identify
        • Identify optimal controls to meet your policy requirements
      • 2. Assess
        • Assess technical, procedural, and physical controls
      • 3. Remediate
        • Prioritize and address technical and procedural control deficiencies
      • 4. Manage
        • Create operational and strategic visibility across compliance, IT risk and control environments
    12. Enhancing Data Security Measures
      • Identify relevant red flags
        • Identify the red flags of identity theft you're likely to come across in your business
      • Detect red flags
        • Set up procedures to detect those red flags in your day-to-day operations
      • Prevent and mitigate identity theft
        • Respond to identified red flags to prevent and mitigate the harm done
      • Update your Program
        • Keep your program current and educate your staff
        • Design and implement a program that is appropriate for your organization's size and complexity
    13. Harmonize Controls Across Multiple Regulatory Requirements
    14. Compliance and IT Risk Management Challenges (diagram)
      • Fragmented IT Visibility
      • Lack of Regulatory Knowledge
      • Manual & Disparate Processes
      • Misinterpretation of Policies & Controls
      • Diagram labels: HIPAA, PCI, SOX, Security Policy, Password Length, Special Characters, Excel, Manual Surveys, Database, Business Processes, IT Resources, Disparate Data Collection, Functional Silos, Non-Standardized Processes
    15. Similar Requirements to Other Regulations (table with columns "Requirements", "Red Flags Rule", "PCI DSS"; the per-column marks are not preserved)
      • Train staff to recognize an incident
      • Security awareness and training
      • Test and update the incident response plan
      • Maintain intrusion detection and incident monitoring and response capabilities
      • Manage third-party services
      • Report monitoring statistics and follow-up to the board of directors
    16. Capabilities to Improve Security and Ensure Compliance
    17. Solutions to Ensure Compliance and Improve Security
      • Lumension® Compliance and IT Risk Management
        • Delivers a standardized compliance and IT risk management framework
        • Standardized interpretation of organizational policies and controls
        • Improves IT risk and compliance visibility
        • Reduces reliance on third-party consulting and auditing resources
        • Automates and integrates assessment and remediation processes and data
        • Optimizes IT resources to proactively address IT risk and compliance exposure
      • Diagram labels: Compliance Management, IT Risk Management, Identify, Assess, Remediate, Manage
    18. Creating Your Playbook
    19. Benefits of Creating a "Playbook"
      • Reduce manual and redundant efforts
      • Deliver centralized visibility into your IT risk posture
      • Efficient processes extend the IT security/compliance budget
      • Prioritize remediation against business impact
      • Take cost savings and invest in the business to drive innovation
    20. Q&A
    21. Contact
      • Global Headquarters
      • 8660 East Hartford Drive
      • Suite 300
      • Scottsdale, AZ 85255
      • 1.888.725.7828
      • [email_address]
