October 30, 2012 3:09 PM
Posted by: David Schneier
Tags: Audit, audits, backup, bank, bank closing, bank closings, banking, banks, BIA, business, business continuity, business continuity plan, business impact analysis, community bank, disaster recovery, DR, examiners, internal audit, internal controls, ITGC, NCUA, pandemic, Pandemic Planning, policy, procedure, risk assess, risk assessment, risk assessments, risk management, risks

I've written similar posts in the past where I start off by apologizing for appearing opportunistic when leveraging a significant news event to generate site content. However, when considering roughly one-third of all my clients are dealing with Hurricane Sandy this represents a rare chance to...

October 22, 2012 2:09 PM
Posted by: David Schneier
Tags: ACH, assess, assessment, assessments, Audit, auditor, audits, banking, banks, business, CISA, CISO, community bank, compliance, credit unions, CU, exam, examination, examinations, examiner, examiners, exams, FFIEC, financial institutions, general controls, GLBA, identify theft, identity theft, information security, information security office, Information Technology General Controls, internal audit, internal controls, ITGC, NPPI, observations, oversight, personally identifiable information, PII, privacy, risk assess, risk assessment, risk assessments, risk management, risk-based, risks

A few years back when I first cut over to working somewhat exclusively with financial institutions I memorized an elevator speech that still somewhat defines who I am and what I do professionally. Part of the speech pointed out that my firm helped "banks and credit unions meet regulatory...

August 8, 2012 6:21 PM
Posted by: David Schneier
Tags: Audit, auditor, audits, bank, banking, banks, Board, Board of Directors, BoD, business, community bank, compliance, control, controls, exam, examination, examinations, examiner, examiners, exams, financial institutions, fraud, governance, regulation, regulations, regulations audit, regulatory, regulatory guidance, SOX

I have an odd relationship with management reporting. I know it's a necessity and quite often see clear value in what's packaged for senior management and board review. But a significant piece of the reporting content comes in the form of metrics and, well, whenever I hear the term it conjures...

July 29, 2012 6:39 PM
Posted by: David Schneier
Tags: ATM, bank, banking, banks, breach, checking account, community bank, credit, credit card, cyber security, data security, evidence, financial institutions, hack, hacker, hackers, hacking, id theft, identity theft, information security, network, oversight, PCI, personally identifiable information, PII, regulation, regulations, Security, security breach, theft

If my blogging about credit card breaches has a bit of a deja vu feel to it you're not crazy, I last touched on it less than six months ago. Sadly I was handed a new update this week in the form of my bank card being cancelled from right out underneath me again. For those of you keeping score...

July 21, 2012 8:25 PM
Posted by: David Schneier
Tags: assess, assessment, assessments, bank, banking, banking crisis, banks, community bank, compliance, compliance officer, compliant, control, credit, credit card, data security, Dodd-Frank, economy, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, examiners, exams, Federal Reserve Bank, FFIEC, financial, financial institutions, framework, information security office, lending, LinkedIn, mortgage, NCUA, NCUA Sheila Bair, NPPI, observations, oversight, personally identifiable information, PII, policy, privacy, procedure, regulation, regulations, regulations audit, regulatory, regulatory guidance, risk assess, risk assessment, risk assessments, risk management, risk-based, risks, security PII, Sheila Bair, social security numbers, technology, third party management, third party oversight, vendor, Vendor Management, vendor risk, vendor risk assessment

I was an unabashed fan of Sheila Bair and made no secret of that fact. She was a breath of fresh air in a line of work where everything is stale and always at least a little boring. Not that Martin Gruenberg is any less effective running the FDIC, he's just a whole lot less interesting to pay...

July 6, 2012 3:18 AM
Posted by: David Schneier
Tags: assess, assessment, assessments, Audit, audits, bank, banking, banks, compliance, compliant, control, credit union, credit unions, CU, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, exams, FDIC, Federal Reserve Bank, FFIEC, financial institutions, framework, FRB, general controls, GLBA, governance, GRC, guidance, information security, information security office, infrastructure, NCUA, PII, policy, procedure, regulation, regulations, regulations audit, risk assessment, risk assessments, Risk IT, risk management, risk rating, risk-based, risks, threats, vendor, Vendor Management, vendor risk, vendor risk assessment

There's a joke of sorts within my personal circle of family and friends regarding what it is that I do these days. Ask me and I'll tell you that I'm a regulatory compliance expert who advises financial institutions on how to comply with the myriad rules and regulations governing information...

February 10, 2011 4:07 PM
Posted by: David Schneier
Tags: bank, banks, credit union, credit unions, email, Facebook, FDIC, LinkedIn, NCUA, regulations, regulatory, Regulatory Compliance, social network, social networking, tweet, tweeting, Twitter, web

A few weeks back my wife asked me, as a favor, if I could join one of Facebook's community-based games because the more "neighbors" you have, the easier it is to succeed and so I did. Truthfully it was a rare moment of weakness for me because I tend to avoid those sort of things as if it were the...