December 22, 2011 9:44 PM
Posted by: David Schneier
Tags: assessment, Audit, compliance, GLBA, NPPI, PCI, PII, regulatory, Regulatory Compliance, risk, risk assessment

Let me begin by sharing a story from the way-back files. In the mid-80s, when I was first starting out in my career, I was working as a junior programmer in Manhattan. Courtesy of playing on the corporate softball team I became acquainted with a fairly diverse group of...
December 5, 2011 11:54 PM
Posted by: David Schneier
Tags: assessments, Audit, compliance, governance, GRC, regulations, regulatory, Regulatory Compliance, regulatory guidance, risk, risk assessments

I love GRC, at least the concept. I've gotten way more than my fair share of print time expounding on its many virtues and how it continues to make inroads into so many organizations. It's the next and necessary step in the evolution of audit and compliance, a fact (yes, fact) of which I'm...
November 18, 2011 12:22 PM
Posted by: David Schneier
Tags: assessment, Audit, compliance, FDIC, Federal Reserve Bank, FRB, GLBA, NCUA, OCC, OTC, regulations, regulatory, Regulatory Compliance, risk, risk assessment, vendor, Vendor Management, vendor risk, vendor risk rating

I don't think I'm due to post about vendor management again at least until January 2012 (I try to limit topics to twice a year), but I've had something kicking around my head for a few days now and it needs a proper vetting.
Does anyone know why vendor management is such a big issue for banking...
November 11, 2011 7:41 PM
Posted by: David Schneier
Tags: assessment, Audit, compliance, GLBA, hack, hacker, NCUA, phish, phishing, red flags, red flags identity theft, regulatory, Regulatory Compliance, scam, smish, smishing, vish, vishing

This is something akin to my annual public service announcement (PSA) for anyone who has cash on hand, a bank account, an investment account or perhaps even a piggy bank: as long as you have money there's someone out there right now scheming to try and take it away from you.
I'm having that...
September 14, 2011 6:27 AM
Posted by: David Schneier
Tags: assessment, Audit, bcp, business, business continuity, business continuity planning, compliance, disaster recovery, DR, GLBA, NCUA, regulation, regulatory, Regulatory Compliance, risk, risk assessment, vendor, Vendor Management

One of the oddities of my career is how some issues present themselves in a wide range of my clients despite the fact that there's often no meaningful way to compare them in size. Some have a single compliance person who is part Compliance Officer and part Information Security Officer, and some...
August 28, 2011 3:17 PM
Posted by: David Schneier
Tags: Audit, auditor, bcp, business continuity, business continuity plan, compliance, disaster, disaster recovery, DR, exam, examiner, GLBA, NCUA, regulations, regulatory, Regulatory Compliance

I'm violating my own standards by using such an easy topic to blog about, but it's too big to ignore. With the increasing insanity being inspired by 2011's first true hurricane, I'd be remiss if I didn't at least explore the impact this is going to have on the business community.
I just heard...
July 17, 2011 10:01 PM
Posted by: David Schneier
Tags: assessment, Audit, compliance, exam, examinations, GLBA, regulatory, Regulatory Compliance, risk

I do a whole lot of work with vendor management, a fact which most of my regular readers are quite aware of. And while I typically recoil when somebody else says of themselves what I'm about to say, I'm going to say it anyway: I'm really something of an expert on the discipline, particularly as...
June 15, 2011 4:52 PM
Posted by: David Schneier
Tags: assess, assessment, Audit, bank, banking, community bank, compliance, credit union, CU, data center, GLBA, NCUA, regulation, regulatory, Regulatory Compliance, Security

I've been visiting with my mother, who lives in a gated retirement community. In order for me to gain access to the development I need to pass through a security checkpoint at the main gate. They ask me who I'm visiting, I provide my mother's name, and either they find my name on the pre-approved...
June 3, 2011 3:18 PM
Posted by: David Schneier
Tags: assess, assessment, Audit, compliance, enterprise risk, enterprise risk management, ERM, GLBA, NCUA, regulations, regulatory, Regulatory Compliance, risk management

Last week while attending a banking conference I found myself in a conversation about Enterprise Risk Management (ERM). I had made the comment that I was tired of constantly hearing different definitions of what the discipline is and how it should be applied. It's the...