Information Security Governance Framework

 

Compliance:

To learn about (1) the expanding maze of overlapping federal regulations, (2) a scenario risk analysis with comparable litigation and regulatory enforcement cases, (3) exposure to unfunded liabilities (operational risks) and operational losses, and (4) Board obligations to approve, validate and verify risk-tolerance metrics per Basel II, please visit Governance for 7 key questions for Audit Committees and the Information Security Governance Framework.

Fundamentally, nearly all "information security governance models" share a systemic flaw: they concentrate on Information Technology (IT) Governance issues and give only de minimis attention to Intellectual Property Governance (IP Governance), that is, the safeguarding, per federal regulations, of digital assets that are used in federal corporate identity theft crimes, which are Deceptive and Unfair Practices against consumers. A White Paper documenting all relevant GLBA and FTC Act regulations and supervisory guidance issued by the FTC, FDIC, FRB, OCC, OTS, and NCUA on Intellectual Property Governance compliance obligations is available at this link. The White Paper quotes directly from all of the supervisory guidance in Matrix D1 of the Information Security Governance Framework.

These issues rise to the surface when one maps out and measures compliance with federal regulations on information security and consumer protection laws per the Basel II Advanced Measurement Approach for Operational Risk. Visit the Home Page to view the diagram of Information Security Governance, which shows the interrelationships between IP Governance and IT Governance and the lifecycle of identity theft per the President's Identity Theft Task Force Report.