Federal banking risk management metrics, i.e., CAMELS and Basel II, require Boards of Directors to have an effective set of metrics to measure, monitor and manage exposure to operational risks. The Online Brand Rating model measures, per federal regulations, the exposure of a brand to corporate identity theft or federal crimes that are deceptive and unfair to consumers and pose data security violations for the IP (intellectual property) owner. The Online Brand Rating model is part of the Information Security Governance Framework Model for Operational Risks per Basel II. Visit www.isgovernance.com.
Corporate identity theft or intellectual property infringements in the form of fraudulent domain names used within phishing, email spam and fake web sites (IP Asset Frauds) are rampant1 and Unfair and Deceptive practices against consumers that attack trade secrets or sensitive customer information, inside and outside of bank IT networks, resulting in operational losses, operational risks and reputational harm for corporations and consumers, alike. Domain name identity theft is based on comparable trademark infringement cases won by trademark owners causing consumer confusion as filed under the Lanham Act (defined in Wikipedia; full text available from Cornell Legal Information Institute), Uniform Domain Name Dispute Resolution Policy, and/or Anti-Cybersquatting Act. 1(President’s Identity Theft Task Force Report, page 91. www.idtheft.gov)
Corporate identity theft and its many forms of fraudulent domain names as used within fake web sites, sub-domains, email spam and phishing are defined in the diagram below:
The top half of the diagram below is a summary of the range of Data Security Violations due to the failure of financial firms to fully enact the information security regulations of GLBA, especially as it relates to preventing the deceptive and defrauding use of bank domain names per the supervisory guidances of GLBA 501(b), 521 and 523, per Matrix D1 of the Information Security Governance Framework, in federal crimes that include fake web sites, email spam and phishing which are deceptive and unfair acts against consumers in violation of the FTC ACT.
The lower half of the diagram measures the ownership levels of confusingly similar domain names for a portfolio of bank trademarks on a scale ranging from less than 1% (F25 Rating) to 99.5% (A Rating) as a way to measure degrees of (1) compliance with federal regulations on safeguarding bank brands from corporate identity theft and (2) exposure to operational risks (data security violations) for failing to safeguard domain names from corporate identity theft. Weak online brands (F Ratings) are defined by low domain name ownership levels that equate to low remediation budgets and high operational risk exposures while strong online brands (A Ratings) are defined by high domain name ownership levels that equate to corresponding intellectual property investment budgets and low operational risk exposures. This is the Online Brand Rating model.
The purpose of the Online Brand Rating is to help:
| (1) | Boards of Directors and C-Level executives measure the effectiveness of their Information Security Program for IP Governance per federal and state regulations. |
| (2) | Consumers understand the degree of exposure for bank brands to corporate identity theft, a source of terrorism funding. |
Online Brand Ratings are available online as a Pillar 3 service under Basel II. Pillar 3 is designed to provide disclosures on operational risk profiles, in this case, on IP information security risks.
