Regulatory Reality:

compliance


September 20, 2010  8:28 PM

Regulatory compliance management lacking common sense



Posted by: David Schneier
Audit, compliance, exam, examination, GLBA, HIPAA, NCUA, NERC, PCI, regulatory, Regulatory Compliance, risk, risk assessment, SOX

I stumbled upon an old nemesis of mine recently and the bad taste it left in my mouth continues to offend my senses. In an industry where there are standards that define how standards should be written and websites dedicated to dissecting each standard so that everyone can understand what the...

September 5, 2010  5:17 AM

Managing today’s privacy threats and security risks



Posted by: David Schneier
CISO, compliance, Facebook, GLBA, information security, ISO, LinkedIn, NCUA, PII, regulatory, Regulatory Compliance, Security, social network

A few months back, the big blinking light in the middle of the information security radar was a story about how someone had harvested all sorts of personal...

Bookmark and Share     0 Comments     RSS Feed     Email a friend


August 25, 2010  4:07 PM

Are you GLBA compliant and ready for year-end?



Posted by: David Schneier
Audit, business continuity, business continuity planning, compliance, FDIC, GLBA, NCUA, penetration test, penetration testing, regulatory, Regulatory Compliance, risk, risk assessment, Security, security awareness, social engineering, Vendor Management, vulnerability test

Summer at home officially ended this morning as my children returned to school.  Beyond the fact that I consider it cruel and inhuman punishment to resume academic activities before Labor Day, it also serves as a wake-up call that we're well past mid-year on the traditional calendar and eying the...


August 2, 2010  9:29 PM

Where’s the information security oversight?



Posted by: David Schneier
Audit, bank, banking, bcp, CISO, compliance, compliance officer, FDIC, FIL, GLBA, information security, regulatory, Regulatory Compliance, Security, vulnerability test

We were watching a baseball game the other night when one of Microsoft's recent IE8 security commercials aired.  It's the one where a fictitious bank is set up and people off the street, deceived by its appearance, wind up turning over boat loads of personally identifiable information (PII)...


June 14, 2010  6:57 AM

An update on governance, risk and compliance



Posted by: David Schneier
Audit, compliance, governance, GRC, regulations, Regulatory Compliance, risk, risk assessment

I just had an article published in Information Security magazine on GRC titled "Demystifying governance, risk and compliance."  It's a piece...


May 21, 2010  1:55 PM

The new Senate finance bill: not what I hoped for



Posted by: David Schneier
Audit, compliance, FDIC, OCC, Regulatory Compliance, risk, risk assessment, risk assessments, SEC

I'm an optimist:  Ask anyone who knows me either personally or professionally and they'll agree.  And I've been eagerly anticipating new legislation ever since the banks spiraled out of control and needed government intervention to save themselves.  As my wife likes to tell people, when the...


May 10, 2010  4:59 AM

FDIC bank closure hits close to home



Posted by: David Schneier
compliance, FDIC, GLBA, governance, GRC, HIPAA, PCI, Regulatory Compliance, risk, risk assessment, SOX

In the past, I've made sometimes flip and irreverent comments about the weekly FDIC announcements that land in my inbox regarding bank closings.  Despite the mind-numbing number of institutions that have been closed over the past year or so and the somewhat extensive list of institutions I've...


April 16, 2010  4:56 PM

Regulatory compliance is not optional



Posted by: David Schneier
Audit, bcp, business continuity planning, compliance, exam, examiner, FDIC, NCUA, Regulatory Compliance, vendor, Vendor Management

If I haven't already shared this with you, I'm a partner in a regulatory compliance advisory firm.  We offer services to the banking sector that pretty much cover the entirety of the information security spectrum.  And as you might imagine, there's a fair amount of sales and marketing that go...


December 11, 2009  5:29 AM

Security threats: Old news isn’t good news



Posted by: David Schneier
Audit, compliance, cyber security, Regulatory Compliance, Security, threats

I just finished reading through the most recent report from Verizon Business, which offers a deeper dive into the most common security breaches identified during 2008 and quite frankly, I’m concerned.  Turns out that there’s very little new to worry about beyond what we...


November 12, 2009  1:44 PM

Information security officers are a must



Posted by: David Schneier
Audit, business continuity planning, CISO, compliance, GLBA, information security, information security office, ISO, Regulatory Compliance, Vendor Management

I was talking with a client last week about a perceived gap in their organization.  Despite having to address multiple regulations cutting across several oversight bodies, they were lacking a single point of contact or central coordinator for all information security related activities.  Their...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: