Security Awareness Overview: Tips for Tackling ID Theft Red Flags Rule Compliance

Examination Procedures, Training Programs Take Center Stage as Nov. 1 Nears
Security Awareness Overview: Tips for Tackling ID Theft Red Flags Rule Compliance
When I started this job a year ago and reached out to banking/security leaders, the overwhelming message I got was "Security awareness - we don't do it well."

For banking institution employees, maybe there was an information security training seminar when they first started. Or an occasional workshop on identity theft or social engineering.

For customers, "statement stuffers" were the operative words.

Then along came the Identity Theft Red Flags Rule, and suddenly banking institutions were required - by Nov. 1, mind you -- to strengthen, document and implement new awareness programs for employees and customers alike. This requirement has been one of the biggest challenges faced by institutions this year, and it was a major focus of our news coverage in the month of August.

Looking back on our month-long focus on training and education, let's start with the word from the top. The Office of Thrift Supervision (OTS) became the first regulatory agency to reveal its examination procedures for ID Theft Red Flags Rule compliance in this piece: ID Theft Red Flags Rule Examination Procedures Unveiled

These procedures include 15 separate examination steps related to three principle elements of the new rule:

Identity Theft/Red Flags;
Change of Address;
Address Discrepancies.

And training - including for board members - is a significant component of these procedures.

So, knowing that the training program is such a critical element of compliance, we examined expectations, progress and best-practices in these articles:

ID Theft Red Flags Rule: 3 Keys to Successful Awareness Programs
Regulators Discuss What's Missing Now, What Will Be Sought in Future Exams

ID Theft Red Flags: Essential Elements of Customer Awareness
With New Focus on Prevention, Examiners Will Be Looking Beyond Statement Stuffers

Best Practices in Building Security Awareness
Insights on Keeping an Information Security Training Program Robust and Interesting

While on the topic of Red Flags compliance, I also have to recommend this blog posting by my colleague, Mike D'Agostino (and if you've not been following our blogs, please do take a minute to visit http://blogs.bankinfosecurity.com/):

ID Theft Red Flags: The Only Compliance Initiative Your Customers Care About

Beyond Red Flags, we also tackled other angles of training and education as they relate to banking/security, and I have to recommend this recent interview with Gene Spafford, one of the gurus of security education. Spaff has lots to say about the state of security education and how to start or jumpstart a career in the field. Listen to or read his insights here:

The State of Information Security Education: Interview with Prof. Eugene Spafford

And I'd be remiss if I didn't share some of the other hot stories we covered in the month of August. In case you missed them, please check out these top articles:

Top 6 Regulatory Issues of 2008 - and What's Coming Next
Red Flags and Vendor Management are Big Now, But Remote Deposit and PCI Could be Among the Next Hot Topics

TJX Arrests Are 'Tip of the Iceberg'
Largest ID Theft Case in History is Just a Symptom of True Global Threat, Experts Say

Wells Fargo Reveals Data Breach
Thousands of Consumer Records Compromised by Data Theft from Vendor


About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.in, you agree to our use of cookies.