Security Awareness Overview: Tips for Tackling ID Theft Red Flags Rule Compliance
Examination Procedures, Training Programs Take Center Stage as Nov. 1 Nears
For banking institution employees, maybe there was an information security training seminar when they first started. Or an occasional workshop on identity theft or social engineering.
For customers, "statement stuffers" were the operative words.
Then along came the Identity Theft Red Flags Rule, and suddenly banking institutions were required - by Nov. 1, mind you - to strengthen, document and implement new awareness programs for employees and customers alike. This requirement has been one of the biggest challenges faced by institutions this year, and it was a major focus of our news coverage in the month of August.
Looking back on our month-long focus on training and education, let's start with the word from the top. The Office of Thrift Supervision (OTS) became the first regulatory agency to reveal its examination procedures for ID Theft Red Flags Rule compliance in this piece: ID Theft Red Flags Rule Examination Procedures Unveiled
These procedures include 15 separate examination steps related to three principal elements of the new rule:
And training - including for board members - is a significant component of these procedures.
So, knowing that the training program is such a critical element of compliance, we examined expectations, progress and best practices in these articles:
ID Theft Red Flags Rule: 3 Keys to Successful Awareness Programs
Regulators Discuss What's Missing Now, What Will Be Sought in Future Exams
ID Theft Red Flags: Essential Elements of Customer Awareness
With New Focus on Prevention, Examiners Will Be Looking Beyond Statement Stuffers
Best Practices in Building Security Awareness
Insights on Keeping an Information Security Training Program Robust and Interesting
While on the topic of Red Flags compliance, I also have to recommend this blog posting by my colleague, Mike D'Agostino (and if you've not been following our blogs, please do take a minute to visit http://blogs.bankinfosecurity.com/):
ID Theft Red Flags: The Only Compliance Initiative Your Customers Care About
Beyond Red Flags, we also tackled other angles of training and education as they relate to banking/security, and I have to recommend this recent interview with Gene Spafford, one of the gurus of security education. Spaff has lots to say about the state of security education and how to start or jumpstart a career in the field. Listen to or read his insights here:
The State of Information Security Education: Interview with Prof. Eugene Spafford
And I'd be remiss if I didn't share some of the other hot stories we covered in the month of August. In case you missed them, please check out these top articles:
Top 6 Regulatory Issues of 2008 - and What's Coming Next
Red Flags and Vendor Management are Big Now, But Remote Deposit and PCI Could be Among the Next Hot Topics
TJX Arrests Are 'Tip of the Iceberg'
Largest ID Theft Case in History is Just a Symptom of True Global Threat, Experts Say
Wells Fargo Reveals Data Breach
Thousands of Consumer Records Compromised by Data Theft from Vendor