Regulatory Reality:

October, 2010

1

October 22, 2010  3:20 AM

After a data security breach, who’s to blame?



Posted by: David Schneier
anti-malware, anti-virus, assessment, Audit, hack, HIPAA, regulations, regulatory, Regulatory Compliance, scanning, vulnerability

I read a blog post last week from my friend Ed Moyle in which he discussed a story about how a professor at the University of North Carolina-Chapel Hill was demoted because a server used in her research project was hacked.  A committee had concluded that it was the professor's fault that the...

October 11, 2010  3:56 PM

Vendor management program efforts still fall (way) short



Posted by: David Schneier
assess, examination, examiner, GLBA, NCUA, periodic review, regulations, regulatory, Regulatory Compliance, risk, risk rating, third party management, third party oversight, vendor, Vendor Management, vendor risk rating

Early last week I downloaded some fresh content covering vendor management.  It turned out that the new information wasn't really new, it's guidance that's been circulating in one form or another for years and tracks closely with guidance ripped from the pages of the Sante Fe Group/BITS Shared...


October 1, 2010  7:41 PM

Hidden information security threats are still threats



Posted by: David Schneier
Audit, bank, banking, compliance, credit union, CU, FDIC, FFIEC, financial, financial institutions, personally identifiable informaiton, regulations, regulatory, Regulatory Compliance, security PII

Growing up I was a huge fan of the sitcom "The Odd Couple."  Some of my favorite catch phrases have in some part been influenced by lines of dialogue that I memorized.  One in particular serves as the best pure definition for a phenomenon I encounter frequently enough in my audit/compliance...


1

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: