Even with organizations tightening up data security measures, cybercriminals have become very sophisticated and continue to find ways to steal personal information and use it to open or access accounts. According to Javelin Strategies, incidents of identity theft grew by 11 percent from 2008 to 2009, altering the lives of 11 million Americans. If that pattern continues, one in every 20 Americans will be a victim of identity theft this year. The Red Flags Rule, which is enforceable as of June 1, 2010, and carries significant financial recourse for non-compliance, requires organizations across multiple industries to implement additional data security measures and be able to identify the danger signs of fraudulent activity.
In this 30-minute webcast, you will learn key tips to developing your Red Flags Rule playbook to effectively:
1. Enhance your data security practices
2. Harmonize data security control requirements across other data protection regulations such as PCI DSS
3. Monitor controls that the Federal Trade Commission mandates
4. Respond to red flags as they are identified
14. Compliance and IT Risk Management Challenges (slide): Fragmented IT Visibility; Lack of Regulatory Knowledge; Manual & Disparate Processes; Misinterpretation of Policies & Controls. Diagram labels: regulations (HIPAA, PCI, SOX) feeding a Security Policy (e.g. password length, special characters); data collection via Excel, manual surveys and databases across business processes and IT resources; disparate data collection, functional silos and non-standardized processes.
15. Similar Requirements to Other Regulations (slide comparing the Red Flags Rule with PCI DSS): Train Staff to Recognize an Incident; Security Awareness and Training; Test and Update the Incident Response Plan; Maintain Intrusion Detection and Incident Monitoring and Response Capabilities; Manage Third-Party Services; Report Monitoring Statistics and Follow-up to the Board of Directors.
Just getting something down on paper won’t reduce the risk of identity theft. That’s why the Red Flags Rule sets out requirements on how to incorporate your Program into the daily operations of your business. Your board of directors (or a committee of the board) has to approve your first written Program. If you don’t have a board, approval is up to an appropriate senior-level employee. Your Program must state who’s responsible for implementing and administering it effectively. Because your employees have a role to play in preventing and detecting identity theft, your Program also must include appropriate staff training. If you outsource or subcontract parts of your operations that would be covered by the Rule, your Program also must address how you’ll monitor your contractors’ compliance. The Red Flags Rule gives you the flexibility to design a Program appropriate for your company – its size and potential risks of identity theft. While some businesses and organizations may need a comprehensive Program that addresses a high risk of identity theft in a complex organization, others with a low risk of identity theft could have a more streamlined Program.
The Lumension compliance and IT risk management framework consists of four major workflow steps: Identify, Assess, Remediate, Manage.
There are four main challenges to efficient compliance and IT risk management:
1. Misinterpretation of policy and control: fragmented, functional silos lead to a non-standardized interpretation and implementation of organizational policy.
2. Lack of regulatory knowledge: increasing regulation places an inordinate demand on the organizational resources required to interpret policy, define its impact for the organization, and track changes to policy. Companies are increasingly turning to third-party consulting to help define the impact of regulations and to define policy, leading to an explosion in the cost of compliance.
3. Manual and disparate processes: companies rely on manual and ad hoc audit processes to gain visibility into their overall compliance and IT risk posture. This leads to "compliance by Excel" and multiple, disparate databases that prevent a more streamlined and automated workflow that could be standardized for greater efficiency.
4. Fragmented IT visibility: with fragmented data being collected, the organization has no way to instantaneously see what its compliance and IT risk posture is, and so relies on more ad hoc audits, putting additional strain on existing IT resources.
LCRM enables the organization to define and maintain its own compliance and IT risk management framework, consolidate and centralize data, and standardize workflows. In doing this, organizations can achieve: improvement in overall IT risk and compliance visibility; reduced reliance on third-party consulting and auditing resources; continuous monitoring of compliance and IT risk posture; and optimized IT resources to proactively and efficiently address IT risk and compliance exposure.