ISSA-NE Sponsor

Agenda


Date: February 6, 2009

Location: Microsoft, 201 Jones Rd, Waltham, MA
Time: 1:00pm - 4:45pm

Theme: New Security Regulations: Red Flag Rules and Massachusetts Data Security Regulations

  • 12:30 p.m. – 1:00 p.m. Registration
     
  • 1:00 p.m. – 1:30 p.m. Welcome and Chapter Business
    Esther Czekalski, ISSA NE President
     
  • 1:30 p.m. – 2:30 p.m. Red Flag Rules
    Julianne Inozemcev, Partner,
    Financial Services Office, Ernst & Young LLP

     
  • 2:30 p.m. – 2:45 p.m. Break: Refreshments
     
  • 2:45 p.m. – 3:45 p.m. New Massachusetts Data Security
    Regulations Reach Beyond State Lines
    What do they mean to you?

    David Goldstone, Partner, Goodwin Procter, LLP
     
  • 3:45 p.m. – 4:30 p.m. Sponsor Presentation: Aveksa
    Access Governance For Compliance Management
    Deepak Taneja, Founder and CTO
     
  • 4:30 p.m. – 4:45 p.m. Wrap Up
    Esther Czekalski, ISSA NE President

     
  • QUESTIONS?: Email vp@issa-ne.org.

Red Flag Rules

ABSTRACT:
The Federal Trade Commission (FTC) and the federal financial institution regulatory agencies (e.g. FRB, FDIC, OCC, OTS, and NCUA) published final rules on identity theft "red flags" and address discrepancies in October 2007. The final rules implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACTA) of 2003. The mandatory compliance date for the final rule issued by the federal financial institution regulatory agencies was November 1, 2008. The FTC, which has jurisdiction to conduct investigations to ensure that investment companies, broker-dealers, and other nontraditional financial institutions (e.g. commercial financing companies, utilities) comply with the rule, has delayed the compliance date to May 1, 2009.

Julianne Inozemcev, a Partner with Ernst & Young LLP, will review the core requirements of the Rule, which are focused on designing and implementing ID Theft programs, and walk through the examination procedures published by the federal financial institution regulatory agencies to help companies prepare for examination. In addition, Julianne will share lessons learned by her firm from helping companies prepare for compliance with the Rule and ensure that the ID Theft Program is integrated into the broader fraud / consumer protection programs.

BIOGRAPHY: Julianne Inozemcev, Partner, Ernst & Young
Julianne is a Partner in Ernst & Young’s Financial Services Office based in Boston. Julianne currently specializes in providing assurance and risk advisory services to traditional and non-traditional financial services institutions, including investment banks, traditional and alternative asset managers, broker-dealers and third party administrators.

Julianne has been working with domestic and global clients to implement risk and compliance functions through corporate governance, policy management, business process improvement, and technology/systems integration. Recent projects include: policies and procedures review, risk assessment frameworks design and implementation, vendor management programs, and activities to monitor compliance with regulations (Sarbanes Oxley, GLBA and other US and international privacy laws, state customer breach notification laws), regulatory guidance (FDICIA, FFIEC, FINRA, SEC), and other industry standards (i.e., COSO ERM, CobiT, ISO27001).

Julianne is a Certified Information Systems Auditor (CISA), Certified Information Privacy Professional (CIPP) and a Certified Public Accountant (CPA).

New Massachusetts Data Security Regulations Reach Beyond State Lines: What do they mean to you?

ABSTRACT:
Massachusetts has issued comprehensive data security regulations that are scheduled to go into effect on May 1, 2009. They apply to any business in possession of personal information of Massachusetts residents, whether or not that business maintains a presence in the state. The first of their kind in the country, these rules apply regardless of industry or the number of Massachusetts residents whose data is involved. These regulations impose very detailed data security and system requirements to protect personal information and may require renegotiation of relationships with vendors to obtain written certifications about vendor practices and personal information.

Attorney David Goldstone from Goodwin Procter's Privacy & Data Security Practice will:
• Examine the scope and requirements of the new rules
• Analyze the inter-relationship between the Massachusetts rules and other information security requirements
• Explore best practices for information security policy development and implementation
• Share views on current trends in this area, including other states that may be considering similar legislation

BIOGRAPHY: David Goldstone, Partner, Goodwin Procter, LLP
Areas of Practice
David Goldstone, a partner in the firm's Intellectual Property and White Collar Crime & Government Investigations Practices, focuses on litigation relating to computer technologies and the Internet. He has extensive experience in patent, copyright, trademark, and trade secret litigation, governmental investigations and white collar matters, computer security breaches and licensing disputes.

As a former federal prosecutor and a registered patent attorney with undergraduate and graduate degrees in electrical engineering and computer science from the Massachusetts Institute of Technology, Mr. Goldstone is uniquely qualified to litigate cases relating to computer technologies, the Internet, intellectual property, privacy and data security.

Work for Clients
Mr. Goldstone has extensive experience in all manner of complex litigation, with particular depth in cases relating to computer technology and the Internet. He has litigated cases nationwide, in both federal and state courts. Mr. Goldstone’s experience includes patent, theft of trade secret, and copyright cases, licensing disputes and other criminal and commercial litigation. He has also provided extensive advice to clients on retention of electronic documents and compliance with electronic discovery requirements.

Mr. Goldstone also focuses his practice on representing companies and individuals in actual or potential disputes against federal and state government agencies. He has conducted internal investigations in areas ranging from accounting irregularities to computer security. Similarly, Mr. Goldstone often represents companies that have fallen victim to Internet fraud or forms of computer misuse and hacking, sometimes resulting in breaches of corporate data security or privacy, and explores a variety of potential investigative, civil and law enforcement responses at the company’s disposal.


Sponsor Presentation:
Access Governance For Compliance Management

ABSTRACT:
The comprehensive data security regulations issued by Massachusetts and scheduled to go into effect on May 1, 2009 reflect the continued attempt to ensure protection of personal information through rigorous formal procedures. But this set of regulations addresses just one component of a much larger problem facing businesses today: inadequate governance of user access to sensitive information. Risks related to unauthorized or inappropriate access can appear anywhere within an organization at any time and spread rapidly through the business. All it takes is a single person with the wrong access. The potential cost to the business in terms of lost revenue and increased expense, or in damage to customer relationships as well as the loss of corporate brand and reputation, is virtually unlimited. To protect against these risks, a strategic approach to governing access is needed, one that enables organizations to deploy continuous access lifecycle management. This presentation will describe the core problem organizations face in effectively governing user access, the risk factors that need to be addressed, and a model for deploying continuous access lifecycle management.

BIOGRAPHY: Deepak Taneja, Founder and CTO
Deepak Taneja founded Aveksa in 2004 and led the company from inception through Feb 2008 before moving into the role of President and CTO. In this role, he is responsible for driving Aveksa’s technology vision and ensuring that the company’s solutions deliver the capabilities that customers need to solve their access governance challenges for today and tomorrow. Previously, he was CTO and VP of Engineering at Netegrity, where he was instrumental in establishing the company as a market leader in Identity and Access Management. 

Copyright © 1998 - 2009
New England Chapter of the ISSA
All Rights Reserved

Date Last Modified: 3/29/07