Regulatory Reality:

May, 2009

1

May 29, 2009  2:44 AM

Information security pros (and cons).



Posted by: David Schneier
encryption, NPPI, PCI, Regulatory Compliance, Security, SOX

Ever since I first started blogging I’ve worried that there would be weeks when I would simply draw a blank when it came to finding a topic worthy of the audience's time and attention. While I may have hit the occasional bump in the road with posts that weren’t...

May 23, 2009  6:53 PM

Red Flags and contractors



Posted by: Marcia Savage
Add new tag, FACTA

I attended an ISSA-Silicon Valley chapter meeting this week, where the featured speaker, Jim Anderson, gave an...


May 20, 2009  7:31 PM

IT Security: Something has to give.



Posted by: David Schneier
Audit, FDIC, FFIEC, fraud, GLBA, NCUA, phishing, Regulatory Compliance

My practice has been busy lately helping a number of clients catch up on required tasks before their scheduled exams (it's a case of the old "if it wasn't for the last minute nothing would ever happen" philosophy).  And in authoring some of our reports we're identifying issues and gaps that are in...


May 14, 2009  6:38 PM

Who put the G in GRC?



Posted by: David Schneier
Audit, compliance, governance, GRC, Regulatory Compliance, risk

I’m something of an advocate for Governance, Risk and Compliance (GRC) and have been for several years.  I’ve been known to rant a bit how it’s not properly organized as an acronym because everyone who knows knows that risk comes first and so it should’ve been...


May 7, 2009  9:58 PM

PCI compliance is not the end all



Posted by: David Schneier
Audit, PCI, Regulatory Compliance, SAS 70, Security

I was sitting in on a meeting this week during which a security review was being conducted for a proposed software solution for my client. The product was designed and hosted by a third-party vendor.

At first blush I was...


1

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: