Regulatory Reality: October, 2010 archives

After a data security breach, who’s to blame?

Posted by:

David Schneier

anti-malware

anti-virus

assessment

Audit

hack

HIPAA

regulations

regulatory

Regulatory Compliance

scanning

vulnerability

I read a blog post last week from my friend Ed Moyle in which he discussed a story about how a professor at the University of North Carolina-Chapel Hill was demoted because a server used in her research project was hacked. A committee had concluded that it was the professor's fault that the...

October 11, 2010 3:56 PM

Vendor management program efforts still fall (way) short

Posted by: David Schneier

assess, examination, examiner, GLBA, NCUA, periodic review, regulations, regulatory, Regulatory Compliance, risk, risk rating, third party management, third party oversight, vendor, Vendor Management, vendor risk rating

Early last week I downloaded some fresh content covering vendor management. It turned out that the new information wasn't really new, it's guidance that's been circulating in one form or another for years and tracks closely with guidance ripped from the pages of the Sante Fe Group/BITS Shared...

0 Comments

RSS Feed

Email a friend

October 1, 2010 7:41 PM

Hidden information security threats are still threats

Posted by: David Schneier

Audit, bank, banking, compliance, credit union, CU, FDIC, FFIEC, financial, financial institutions, personally identifiable informaiton, regulations, regulatory, Regulatory Compliance, security PII

Growing up I was a huge fan of the sitcom "The Odd Couple." Some of my favorite catch phrases have in some part been influenced by lines of dialogue that I memorized. One in particular serves as the best pure definition for a phenomenon I encounter frequently enough in my audit/compliance...

0 Comments

RSS Feed

Email a friend