Regulatory Reality:

credit union

1

March 6, 2013  5:19 PM

Security Standards: What’s in a name?



Posted by: David Schneier
assess, assessment, assessments, Audit, auditor, audits, CISO, community bank, control, controls, credit union, credit unions, data security, framework, information security, information security office, infrastructure, ISO, risk assess, risk assessment, risk assessments, risk management, risk-based

I had an interesting phone call recently with someone in a CISO-type position.  They were looking for a consultant to help them keep a seat warm working with information security risk assessments and were hoping to find a resource with practical experience using the NIST 800-53 standard.  It was...

September 21, 2012  3:44 PM

Are self-assessments the right way to go?



Posted by: David Schneier
assess, assessment, assessments, Audit, bank, banking, CISO, CISSP, compliance, compliance officer, compliant, credit union, credit unions, CU, disaster, disaster recovery, DR, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, examiners, exams, framework, governance, GRC, guidance, information security, information security office, infrastructure, ISO, oversight, policy, procedure, regulation, regulations, regulations audit, regulatory, regulatory guidance, risk assess, risk assessment, risk assessments, risk management, risk-based, risks, technology

About a decade ago a family member chastised me for having an auto repair shop do my oil changes for me.  She (yeah, you’re reading that right – “she”) pointed out how ridiculously easy it was to drain the old oil, replace it with the new stuff and check a wide variety of fluid levels,...


July 6, 2012  3:18 AM

Risk: The core issue behind regulatory requirements



Posted by: David Schneier
assess, assessment, assessments, Audit, audits, bank, banking, banks, compliance, compliant, control, credit union, credit unions, CU, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, exams, FDIC, Federal Reserve Bank, FFIEC, financial institutions, framework, FRB, general controls, GLBA, governance, GRC, guidance, information security, information security office, infrastructure, NCUA, PII, policy, procedure, regulation, regulations, regulations audit, risk assessment, risk assessments, Risk IT, risk management, risk rating, risk-based, risks, threats, vendor, Vendor Management, vendor risk, vendor risk assessment

There's a joke of sorts within my personal circle of family and friends regarding what it is that I do these days.  Ask me and I'll tell you that I'm a regulatory compliance expert who advises financial institutions on how to comply with the myriad rules and regulations governing information...


June 15, 2011  4:52 PM

The trouble with ineffective controls



Posted by: David Schneier
assess, assessment, Audit, bank, banking, community bank, compliance, credit union, CU, data center, GLBA, NCUA, regulation, regulatory, Regulatory Compliance, Security

I've been visiting with my mother who lives in a gated retirement community. In order for me to gain access to the development I need to pass through a security check point at the main gate. They ask me who I'm visiting, I provide my mother's name and either they find my name on the pre-approved...


March 15, 2011  9:58 PM

Is your examiner a friend or foe?



Posted by: David Schneier
Audit, bank, banking, compliance, credit union, CU, exam, examiner, FDIC, GLBA, NCUA, OCC, oversight, regulations, regulatory, Regulatory Compliance

I was catching up on my industry emails the other day and buried in my FDIC email folder was Financial Institution Letter FIL-13-2011, sent out on March 1st. Truthfully I usually pay close attention to their Friday afternoon blasts regarding bank closings and only skim the rest. But this one...


March 8, 2011  4:58 PM

Does GRC scale to size?



Posted by: David Schneier
assessment, Audit, bank, banking, compliance, credit union, CU, exam, examination, examiner, exams, governance, GRC, regulation, regulatory, Regulatory Compliance, risk, risk assessment

We were having an internal conversation this past week about governance, risk, and compliance (GRC) and I was asked about its role in the small and...

Bookmark and Share     0 Comments     RSS Feed     Email a friend


February 10, 2011  4:07 PM

Should banks and social networking coincide?



Posted by: David Schneier
bank, banks, credit union, credit unions, email, Facebook, FDIC, LinkedIn, NCUA, regulations, regulatory, Regulatory Compliance, social network, social networking, tweet, tweeting, Twitter, web

A few weeks back my wife asked me, as a favor, if I could join one of Facebook's community-based games because the more "neighbors" you have, the easier it is to succeed and so I did. Truthfully it was a rare moment of weakness for me because I tend to avoid those sort of things as if it were the...


October 1, 2010  7:41 PM

Hidden information security threats are still threats



Posted by: David Schneier
Audit, bank, banking, compliance, credit union, CU, FDIC, FFIEC, financial, financial institutions, personally identifiable informaiton, regulations, regulatory, Regulatory Compliance, security PII

Growing up I was a huge fan of the sitcom "The Odd Couple."  Some of my favorite catch phrases have in some part been influenced by lines of dialogue that I memorized.  One in particular serves as the best pure definition for a phenomenon I encounter frequently enough in my audit/compliance...


August 16, 2010  2:43 PM

Data security risks in the new age of banking



Posted by: David Schneier
Audit, bank, banking, cloud, cloud computing, credit union, FDIC, GLBA, merger, NCUA, NPPI, PII, regulatory, Regulatory Compliance, risk, risk assessment

Earlier this month, I blogged about my concerns regarding a drop-off in information security oversight by banking regulators. In this age of safety and soundness first, everything else is second, if at all.  It's more than a week later and I'm not feeling any better about things; as a matter of...


September 30, 2009  7:34 PM

Accountability key to banking recovery



Posted by: David Schneier
Audit, bank, banking, compliance, credit union, CU, DIF, FDIC, GLBA, NCUA, Regulatory Compliance

Every day, I receive a semi-deluge of industry related emails.  Between the various agencies, media sites, organizations and associations I tend to receive more communiqués than I know what to do with.  But I developed an interesting habit last year when the banking...


1

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: