90 Second Safeguards

90 Second Safeguards is a series created by Mosaic Cyber Security and designed to break down the revised FTC Safeguards Rule into digestible chunks.

Why Comply?

Why Comply with the Revised Safeguards Rule? The original rule became law in 2003 and saw very little enforcement in the years since. Many dealers essentially ignored it with little consequence. But that's why the rule was revised.

Qualified Individual

One of the revised Safeguards Rule's requirements is that a dealership designates a Qualified Individual. What does that mean and who should it be?

Required Safeguards: Risk Assessment and System Inventory

Mandatory Safeguards: Risk Assessment and System Inventory

Once a QI has been designated, that person’s first task should be to conduct a Risk Assessment. A Risk Assessment is an evaluation of the internal and external risks to the security and integrity of data on a network.

Required Safeguards: Encryption, MFA, and Continuous Monitoring

Mandatory Safeguards: Encryption, MFA, and Continuous Monitoring

A Risk Assessment should tell you what needs to be done. Implementing Safeguards is the doing. Some Safeguards are mandatory. The ones I consider most important include...

Required Safeguards: Access Controls, Systems Inventory, Secure Development Practices

Mandatory Safeguards: Access Controls, Systems Inventory, Secure Development Practices

Let's continue with the list of mandatory safeguards...

Required Safeguards: Disposal Procedures, Change Management Procedures, Monitoring and Logging

Mandatory Safeguards: Disposal Procedures, Change Management Procedures, Monitoring and Logging

Here are the last of the mandatory categories of Safeguards under the revised Rule...

Regularly Test Program Effectiveness

Regular testing and evaluation of your Information Security Program is a must. Of all the safeguards the Rule mandates, this one may do the most to actually protect customer data – if it’s done right.

Implement Policies and Procedures for Personnel to Implement your ISP

The greatest threat to customer data security is located between the monitor and the chair – in other words, your own employees.

Oversee Service Providers

The Safeguards Rule requires you to oversee your service providers. In this episode Jim discusses this requirement and its four subparts.

Draft Incident Response Plan

What do you do in the aftermath of a “security event” – anything that results in unauthorized access to or misuse of an IT system and its contents?