SlideShare una empresa de Scribd logo
1 de 21
Descargar para leer sin conexión
Creating Your Red Flags Rule Playbook May 2010
Growing Identity Theft ,[object Object],[object Object],* Javelin Strategy & Research 2010 Identity Fraud Survey Report
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object]
Today’s Speakers Jeff Hughes Director, Solution Marketing Lumension Brandon Dunlap Managing Director of Research Brightfly
Red Flags Rule – the What, Why, Who and When?
What is the Red Flags Rule Regulation? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Who Must Comply with the Red Flags Rule? ,[object Object],[object Object],[object Object]
Enforcement of Red Flags Rule ,[object Object],[object Object],[object Object],[object Object]
Penalties for Non-Compliance ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Enhancing Data Security Practices
Red Flags Rule and Your Security Program ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Enhancing Data Security Measures ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Harmonize Controls  Across Multiple Regulatory Requirements
Compliance and IT Risk Management  Challenges Fragmented IT Visibility Lack of Regulatory Knowledge  Manual & Disparate Processes Misinterpretation Policies & Controls HIPAA PCI SOX Security Policy Password Length Special Characters Excel Manual Surveys Database Business Processes IT Resources Disparate  Data Collection Functional Silos Non Standardized Processes
Similar Requirements to Other Regulations Requirements Red Flags Rule PCI DSS Train Staff to Recognize an Incident Security Awareness and Training Test and Update the Incident Response Plan Maintain Intrusion Detection and Incident Monitoring and Response Capabilities Manage Third-Party Services Report Monitoring Statistics and Follow-up to the Board of Directors
Capabilities to Improve Security  and Ensure Compliance
Solutions to Ensure Compliance and Improve Security ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Compliance Management IT Risk Management Identify Assess Remediate Manage
Creating Your Playbook
Benefits of Creating a “Playbook” ,[object Object],[object Object],[object Object],[object Object],[object Object]
Q&A
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Más contenido relacionado

La actualidad más candente

Securing Business: Strategic Enablement of Users
Securing Business: Strategic Enablement of UsersSecuring Business: Strategic Enablement of Users
Securing Business: Strategic Enablement of UsersJon Gatrell
 
Best Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information SecurityBest Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information Securitysatyakam_biswas
 
Avoid the Audit Trap
Avoid the Audit TrapAvoid the Audit Trap
Avoid the Audit TrapIdeba
 
Risk Management ecommerce
Risk Management ecommerceRisk Management ecommerce
Risk Management ecommerceRaina Zia
 
Is Security Team 2 Glba
Is Security Team 2 GlbaIs Security Team 2 Glba
Is Security Team 2 Glbaguestfd062
 
Fiserv FCRM Platform Brochure
Fiserv FCRM Platform BrochureFiserv FCRM Platform Brochure
Fiserv FCRM Platform BrochurePaul Stabile
 
Empowering Government agencies though Contextual computing
Empowering Government agencies though Contextual computingEmpowering Government agencies though Contextual computing
Empowering Government agencies though Contextual computingIBM Government
 
Saahil Goel Firm Profile
Saahil Goel Firm ProfileSaahil Goel Firm Profile
Saahil Goel Firm Profileguestfd062
 
Presentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due DiligencePresentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due DiligenceethiXbase
 
Checklist for selecting vietnam software outsourcing vendor
Checklist for selecting vietnam software outsourcing vendorChecklist for selecting vietnam software outsourcing vendor
Checklist for selecting vietnam software outsourcing vendorTMA Solutions
 
Convergence Compliance E Discovery Rim.Doc
Convergence Compliance E Discovery Rim.DocConvergence Compliance E Discovery Rim.Doc
Convergence Compliance E Discovery Rim.DocDavid Haines
 
Third Party Due Diligence - Case Study Discussion
Third Party Due Diligence - Case Study DiscussionThird Party Due Diligence - Case Study Discussion
Third Party Due Diligence - Case Study DiscussionSam Gibbins 紀俊森
 
Legal issues of domain names & trademarks
Legal issues of domain names & trademarksLegal issues of domain names & trademarks
Legal issues of domain names & trademarksMatt Siltala
 
Third-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & ActThird-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & ActTrustArc
 
Get Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionGet Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionPrecisely
 
Legal vectors - Survey of Law, Regulation and Technology Risk
Legal vectors - Survey of Law, Regulation and Technology RiskLegal vectors - Survey of Law, Regulation and Technology Risk
Legal vectors - Survey of Law, Regulation and Technology RiskWilliam Gamble
 

La actualidad más candente (19)

Securing Business: Strategic Enablement of Users
Securing Business: Strategic Enablement of UsersSecuring Business: Strategic Enablement of Users
Securing Business: Strategic Enablement of Users
 
Best Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information SecurityBest Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information Security
 
Clifford wilke
Clifford wilkeClifford wilke
Clifford wilke
 
Avoid the Audit Trap
Avoid the Audit TrapAvoid the Audit Trap
Avoid the Audit Trap
 
Risk Management ecommerce
Risk Management ecommerceRisk Management ecommerce
Risk Management ecommerce
 
Is Security Team 2 Glba
Is Security Team 2 GlbaIs Security Team 2 Glba
Is Security Team 2 Glba
 
Fiserv FCRM Platform Brochure
Fiserv FCRM Platform BrochureFiserv FCRM Platform Brochure
Fiserv FCRM Platform Brochure
 
Empowering Government agencies though Contextual computing
Empowering Government agencies though Contextual computingEmpowering Government agencies though Contextual computing
Empowering Government agencies though Contextual computing
 
IRBsearch | GLBA data
IRBsearch | GLBA dataIRBsearch | GLBA data
IRBsearch | GLBA data
 
Saahil Goel Firm Profile
Saahil Goel Firm ProfileSaahil Goel Firm Profile
Saahil Goel Firm Profile
 
Presentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due DiligencePresentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due Diligence
 
Checklist for selecting vietnam software outsourcing vendor
Checklist for selecting vietnam software outsourcing vendorChecklist for selecting vietnam software outsourcing vendor
Checklist for selecting vietnam software outsourcing vendor
 
Convergence Compliance E Discovery Rim.Doc
Convergence Compliance E Discovery Rim.DocConvergence Compliance E Discovery Rim.Doc
Convergence Compliance E Discovery Rim.Doc
 
Third Party Due Diligence - Case Study Discussion
Third Party Due Diligence - Case Study DiscussionThird Party Due Diligence - Case Study Discussion
Third Party Due Diligence - Case Study Discussion
 
Ccs
CcsCcs
Ccs
 
Legal issues of domain names & trademarks
Legal issues of domain names & trademarksLegal issues of domain names & trademarks
Legal issues of domain names & trademarks
 
Third-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & ActThird-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & Act
 
Get Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionGet Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security Solution
 
Legal vectors - Survey of Law, Regulation and Technology Risk
Legal vectors - Survey of Law, Regulation and Technology RiskLegal vectors - Survey of Law, Regulation and Technology Risk
Legal vectors - Survey of Law, Regulation and Technology Risk
 

Similar a Creating Your Red Flags Rule Playbook

Managing Privacy Risk and Promoting Ethical Culture in the Digital Age
Managing Privacy Risk and Promoting Ethical Culture in the Digital AgeManaging Privacy Risk and Promoting Ethical Culture in the Digital Age
Managing Privacy Risk and Promoting Ethical Culture in the Digital AgePerficient, Inc.
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessLaura Perry
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
 
Hildebrandt baker robbins presentation for coo roundtable 2010 by dave cunn...
Hildebrandt baker robbins presentation for coo roundtable 2010   by dave cunn...Hildebrandt baker robbins presentation for coo roundtable 2010   by dave cunn...
Hildebrandt baker robbins presentation for coo roundtable 2010 by dave cunn...David Cunningham
 
Cyber Security Risk Management
Cyber Security Risk ManagementCyber Security Risk Management
Cyber Security Risk ManagementShaun Sloan
 
Info Security & PCI(original)
Info Security & PCI(original)Info Security & PCI(original)
Info Security & PCI(original)NCTechSymposium
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk Managementbanerjeerohit
 
ISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentBill Lisse
 
Managing Mobile Menaces
Managing Mobile MenacesManaging Mobile Menaces
Managing Mobile MenacesNalneesh Gaur
 
An Overview of the Major Compliance Requirements
An Overview of the Major Compliance RequirementsAn Overview of the Major Compliance Requirements
An Overview of the Major Compliance RequirementsDoubleHorn
 
Business Intelligence For Anti-Money Laundering
Business Intelligence For Anti-Money LaunderingBusiness Intelligence For Anti-Money Laundering
Business Intelligence For Anti-Money LaunderingKartik Mehta
 
Implementing And Managing A Multinational Privacy Program
Implementing And Managing A Multinational Privacy ProgramImplementing And Managing A Multinational Privacy Program
Implementing And Managing A Multinational Privacy ProgramMSpadea
 
Information Risk Management Overview
Information Risk Management OverviewInformation Risk Management Overview
Information Risk Management Overviewelvinchan
 
M014 Confluence Presentation 08 15 06
M014 Confluence Presentation 08 15 06M014 Confluence Presentation 08 15 06
M014 Confluence Presentation 08 15 06gbroadbent67
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age padler01
 
Business Intelligence For Aml
Business Intelligence For AmlBusiness Intelligence For Aml
Business Intelligence For AmlKartik Mehta
 

Similar a Creating Your Red Flags Rule Playbook (20)

Managing Privacy Risk and Promoting Ethical Culture in the Digital Age
Managing Privacy Risk and Promoting Ethical Culture in the Digital AgeManaging Privacy Risk and Promoting Ethical Culture in the Digital Age
Managing Privacy Risk and Promoting Ethical Culture in the Digital Age
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your Business
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR Success
 
Hildebrandt baker robbins presentation for coo roundtable 2010 by dave cunn...
Hildebrandt baker robbins presentation for coo roundtable 2010   by dave cunn...Hildebrandt baker robbins presentation for coo roundtable 2010   by dave cunn...
Hildebrandt baker robbins presentation for coo roundtable 2010 by dave cunn...
 
Accounting
AccountingAccounting
Accounting
 
Cyber Security Risk Management
Cyber Security Risk ManagementCyber Security Risk Management
Cyber Security Risk Management
 
Info Security & PCI(original)
Info Security & PCI(original)Info Security & PCI(original)
Info Security & PCI(original)
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk Management
 
Data breaches at home and abroad
Data breaches at home and abroad Data breaches at home and abroad
Data breaches at home and abroad
 
ISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentISSA Data Retention Policy Development
ISSA Data Retention Policy Development
 
EDI 2009 Controlling E-Discovery Costs through Records Management
EDI 2009 Controlling E-Discovery Costs through Records ManagementEDI 2009 Controlling E-Discovery Costs through Records Management
EDI 2009 Controlling E-Discovery Costs through Records Management
 
Managing Mobile Menaces
Managing Mobile MenacesManaging Mobile Menaces
Managing Mobile Menaces
 
An Overview of the Major Compliance Requirements
An Overview of the Major Compliance RequirementsAn Overview of the Major Compliance Requirements
An Overview of the Major Compliance Requirements
 
Business Intelligence For Anti-Money Laundering
Business Intelligence For Anti-Money LaunderingBusiness Intelligence For Anti-Money Laundering
Business Intelligence For Anti-Money Laundering
 
Implementing And Managing A Multinational Privacy Program
Implementing And Managing A Multinational Privacy ProgramImplementing And Managing A Multinational Privacy Program
Implementing And Managing A Multinational Privacy Program
 
FACTA Red Flags 2010
FACTA Red Flags 2010FACTA Red Flags 2010
FACTA Red Flags 2010
 
Information Risk Management Overview
Information Risk Management OverviewInformation Risk Management Overview
Information Risk Management Overview
 
M014 Confluence Presentation 08 15 06
M014 Confluence Presentation 08 15 06M014 Confluence Presentation 08 15 06
M014 Confluence Presentation 08 15 06
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age
 
Business Intelligence For Aml
Business Intelligence For AmlBusiness Intelligence For Aml
Business Intelligence For Aml
 

Más de Lumension

Using SCCM 2012 r2 to Patch Linux, UNIX and Macs
Using SCCM 2012 r2 to Patch Linux, UNIX and MacsUsing SCCM 2012 r2 to Patch Linux, UNIX and Macs
Using SCCM 2012 r2 to Patch Linux, UNIX and MacsLumension
 
2015 Endpoint and Mobile Security Buyers Guide
2015 Endpoint and Mobile Security Buyers Guide2015 Endpoint and Mobile Security Buyers Guide
2015 Endpoint and Mobile Security Buyers GuideLumension
 
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
Top 10 Things to Secure on iOS and Android to Protect Corporate InformationTop 10 Things to Secure on iOS and Android to Protect Corporate Information
Top 10 Things to Secure on iOS and Android to Protect Corporate InformationLumension
 
2014 BYOD and Mobile Security Survey Preliminary Results
2014 BYOD and Mobile Security Survey Preliminary Results2014 BYOD and Mobile Security Survey Preliminary Results
2014 BYOD and Mobile Security Survey Preliminary ResultsLumension
 
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...Lumension
 
Careto: Unmasking a New Level in APT-ware
Careto: Unmasking a New Level in APT-ware Careto: Unmasking a New Level in APT-ware
Careto: Unmasking a New Level in APT-ware Lumension
 
Securing Your Point of Sale Systems: Stopping Malware and Data Theft
Securing Your Point of Sale Systems: Stopping Malware and Data TheftSecuring Your Point of Sale Systems: Stopping Malware and Data Theft
Securing Your Point of Sale Systems: Stopping Malware and Data TheftLumension
 
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...Lumension
 
2014 Data Protection Maturity Survey: Results and Analysis
2014 Data Protection Maturity Survey: Results and Analysis2014 Data Protection Maturity Survey: Results and Analysis
2014 Data Protection Maturity Survey: Results and AnalysisLumension
 
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
Greatest It Security Risks of 2014: 5th Annual State of Endpoint RiskGreatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
Greatest It Security Risks of 2014: 5th Annual State of Endpoint RiskLumension
 
Windows XP is Coming to an End: How to Stay Secure Before You Migrate
Windows XP is Coming to an End: How to Stay Secure Before You MigrateWindows XP is Coming to an End: How to Stay Secure Before You Migrate
Windows XP is Coming to an End: How to Stay Secure Before You MigrateLumension
 
Adobe Hacked Again: What Does It Mean for You?
Adobe Hacked Again: What Does It Mean for You? Adobe Hacked Again: What Does It Mean for You?
Adobe Hacked Again: What Does It Mean for You? Lumension
 
Real World Defense Strategies for Targeted Endpoint Threats
Real World Defense Strategies for Targeted Endpoint Threats Real World Defense Strategies for Targeted Endpoint Threats
Real World Defense Strategies for Targeted Endpoint Threats Lumension
 
APTs: The State of Server Side Risk and Steps to Minimize Risk
APTs: The State of Server Side Risk and Steps to Minimize RiskAPTs: The State of Server Side Risk and Steps to Minimize Risk
APTs: The State of Server Side Risk and Steps to Minimize RiskLumension
 
2014 Ultimate Buyers Guide to Endpoint Security Solutions
2014 Ultimate Buyers Guide to Endpoint Security Solutions2014 Ultimate Buyers Guide to Endpoint Security Solutions
2014 Ultimate Buyers Guide to Endpoint Security SolutionsLumension
 
Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?Lumension
 
Java Insecurity: How to Deal with the Constant Vulnerabilities
Java Insecurity: How to Deal with the Constant VulnerabilitiesJava Insecurity: How to Deal with the Constant Vulnerabilities
Java Insecurity: How to Deal with the Constant VulnerabilitiesLumension
 
BYOD & Mobile Security: How to Respond to the Security Risks
BYOD & Mobile Security: How to Respond to the Security RisksBYOD & Mobile Security: How to Respond to the Security Risks
BYOD & Mobile Security: How to Respond to the Security RisksLumension
 
3 Executive Strategies to Reduce Your IT Risk
3 Executive Strategies to Reduce Your IT Risk3 Executive Strategies to Reduce Your IT Risk
3 Executive Strategies to Reduce Your IT RiskLumension
 
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...Lumension
 

Más de Lumension (20)

Using SCCM 2012 r2 to Patch Linux, UNIX and Macs
Using SCCM 2012 r2 to Patch Linux, UNIX and MacsUsing SCCM 2012 r2 to Patch Linux, UNIX and Macs
Using SCCM 2012 r2 to Patch Linux, UNIX and Macs
 
2015 Endpoint and Mobile Security Buyers Guide
2015 Endpoint and Mobile Security Buyers Guide2015 Endpoint and Mobile Security Buyers Guide
2015 Endpoint and Mobile Security Buyers Guide
 
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
Top 10 Things to Secure on iOS and Android to Protect Corporate InformationTop 10 Things to Secure on iOS and Android to Protect Corporate Information
Top 10 Things to Secure on iOS and Android to Protect Corporate Information
 
2014 BYOD and Mobile Security Survey Preliminary Results
2014 BYOD and Mobile Security Survey Preliminary Results2014 BYOD and Mobile Security Survey Preliminary Results
2014 BYOD and Mobile Security Survey Preliminary Results
 
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...
Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...
 
Careto: Unmasking a New Level in APT-ware
Careto: Unmasking a New Level in APT-ware Careto: Unmasking a New Level in APT-ware
Careto: Unmasking a New Level in APT-ware
 
Securing Your Point of Sale Systems: Stopping Malware and Data Theft
Securing Your Point of Sale Systems: Stopping Malware and Data TheftSecuring Your Point of Sale Systems: Stopping Malware and Data Theft
Securing Your Point of Sale Systems: Stopping Malware and Data Theft
 
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...
 
2014 Data Protection Maturity Survey: Results and Analysis
2014 Data Protection Maturity Survey: Results and Analysis2014 Data Protection Maturity Survey: Results and Analysis
2014 Data Protection Maturity Survey: Results and Analysis
 
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
Greatest It Security Risks of 2014: 5th Annual State of Endpoint RiskGreatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
 
Windows XP is Coming to an End: How to Stay Secure Before You Migrate
Windows XP is Coming to an End: How to Stay Secure Before You MigrateWindows XP is Coming to an End: How to Stay Secure Before You Migrate
Windows XP is Coming to an End: How to Stay Secure Before You Migrate
 
Adobe Hacked Again: What Does It Mean for You?
Adobe Hacked Again: What Does It Mean for You? Adobe Hacked Again: What Does It Mean for You?
Adobe Hacked Again: What Does It Mean for You?
 
Real World Defense Strategies for Targeted Endpoint Threats
Real World Defense Strategies for Targeted Endpoint Threats Real World Defense Strategies for Targeted Endpoint Threats
Real World Defense Strategies for Targeted Endpoint Threats
 
APTs: The State of Server Side Risk and Steps to Minimize Risk
APTs: The State of Server Side Risk and Steps to Minimize RiskAPTs: The State of Server Side Risk and Steps to Minimize Risk
APTs: The State of Server Side Risk and Steps to Minimize Risk
 
2014 Ultimate Buyers Guide to Endpoint Security Solutions
2014 Ultimate Buyers Guide to Endpoint Security Solutions2014 Ultimate Buyers Guide to Endpoint Security Solutions
2014 Ultimate Buyers Guide to Endpoint Security Solutions
 
Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?
 
Java Insecurity: How to Deal with the Constant Vulnerabilities
Java Insecurity: How to Deal with the Constant VulnerabilitiesJava Insecurity: How to Deal with the Constant Vulnerabilities
Java Insecurity: How to Deal with the Constant Vulnerabilities
 
BYOD & Mobile Security: How to Respond to the Security Risks
BYOD & Mobile Security: How to Respond to the Security RisksBYOD & Mobile Security: How to Respond to the Security Risks
BYOD & Mobile Security: How to Respond to the Security Risks
 
3 Executive Strategies to Reduce Your IT Risk
3 Executive Strategies to Reduce Your IT Risk3 Executive Strategies to Reduce Your IT Risk
3 Executive Strategies to Reduce Your IT Risk
 
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...
 

Último

Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 

Último (20)

Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 

Creating Your Red Flags Rule Playbook

  • 1. Creating Your Red Flags Rule Playbook May 2010
  • 2.
  • 3.
  • 4. Today’s Speakers Jeff Hughes Director, Solution Marketing Lumension Brandon Dunlap Managing Director of Research Brightfly
  • 5. Red Flags Rule – the What, Why, Who and When?
  • 6.
  • 7.
  • 8.
  • 9.
  • 11.
  • 12.
  • 13. Harmonize Controls Across Multiple Regulatory Requirements
  • 14. Compliance and IT Risk Management Challenges Fragmented IT Visibility Lack of Regulatory Knowledge Manual & Disparate Processes Misinterpretation Policies & Controls HIPAA PCI SOX Security Policy Password Length Special Characters Excel Manual Surveys Database Business Processes IT Resources Disparate Data Collection Functional Silos Non Standardized Processes
  • 15. Similar Requirements to Other Regulations Requirements Red Flags Rule PCI DSS Train Staff to Recognize an Incident Security Awareness and Training Test and Update the Incident Response Plan Maintain Intrusion Detection and Incident Monitoring and Response Capabilities Manage Third-Party Services Report Monitoring Statistics and Follow-up to the Board of Directors
  • 16. Capabilities to Improve Security and Ensure Compliance
  • 17.
  • 19.
  • 20. Q&A
  • 21.

Notas del editor

  1. Just getting something down on paper won’t reduce the risk of identity theft. That’s why the Red Flags Rule sets out requirements on how to incorporate your Program into the daily operations of your business. Your board of directors (or a committee of the board) has to approve your first written Program. If you don’t have a board, approval is up to an appropriate senior-level employee. Your Program must state who’s responsible for implementing and administering it effectively. Because your employees have a role to play in preventing and detecting identity theft, your Program also must include appropriate staff training. If you outsource or subcontract parts of your operations that would be covered by the Rule, your Program also must address how you’ll monitor your contractors’ compliance. The Red Flags Rule gives you the flexibility to design a Program appropriate for your company – its size and potential risks of identity theft. While some businesses and organizations may need a comprehensive Program that addresses a high risk of identity theft in a complex organization, others with a low risk of identity theft could have a more streamlined Program.
  2. Lumension compliance and It risk management framework consist of four major workflow steps: Identify Assess Remediate Manage
  3. 4 main challenges to efficient compliance and IT risk management. Misinterpretation of policy and control Fragmented –functional silos lead to a non standardized interpretation and implementation of organizational policy Lack of regulatory knowledge Increasing regulation is placing an inordinate amount of demands on a organizations resources required to interpret policy and then define the impact for the organization as well as changes to policy. Companies are increasingly touting to 3 rd party consulting to help defining impact of regulations and to define policy thus leading to a explosion in the cost of compliance. Manual & Disparate Processes Companies rely on manual and adhoc audit processes to gain visibility into their overall compliance and IT risk posture. This leads to compliance by excel and multiple and disparate data bases that prevent a more streamlined and automated workflow that can be standardized for greater efficiency. Fragmented IT Visibility with fragments data being collected the organization has know way to instantaneously see what its compliance and IT risk posture is and thus relies on more adhoc audits thus putting additional strain and existing It resources.
  4. LCRM enables the organization to define and maintaining their own compliance and It risk management framework, consolidate and centralize data and standardize workflows. In doing this organizations can achieve: Improvement in overall IT risk and compliance visibility Reduced reliance on 3rd party consulting & auditing resources Continuous monitoring of Complaisance and It Risk posture Optimize IT resources to proactively and efficiently address IT Risk & Compliance exposure