September 21, 2012 3:44 PM
Posted by: David Schneier
assess,
assessment,
assessments,
Audit,
bank,
banking,
CISO,
CISSP,
compliance,
compliance officer,
compliant,
credit union,
credit unions,
CU,
disaster,
disaster recovery,
DR,
enterprise risk,
enterprise risk management,
ERM,
exam,
examination,
examinations,
examiner,
examiners,
exams,
framework,
governance,
GRC,
guidance,
information security,
information security office,
infrastructure,
ISO,
oversight,
policy,
procedure,
regulation,
regulations,
regulations audit,
regulatory,
regulatory guidance,
risk assess,
risk assessment,
risk assessments,
risk management,
risk-based,
risks,
technology
About a decade ago a family member chastised me for having an auto repair shop do my oil changes for me. She (yeah, you’re reading that right – “she”) pointed out how ridiculously easy it was to drain the old oil, replace it with the new stuff and check a wide variety of fluid levels,...
September 14, 2011 6:27 AM
Posted by: David Schneier
assessment,
Audit,
bcp,
business,
business continuity,
business continuity planning,
compliance,
disaster recovery,
DR,
GLBA,
NCUA,
regulation,
regulatory,
Regulatory Compliance,
risk,
risk assessment,
vendor,
Vendor Management
One of the oddities of my career is how some issues present themselves in a wide range of my clients despite the fact that there's often no meaningful way to compare them in size. Some have a single compliance person who is part Compliance Officer and part Information Security Officer and some...
August 28, 2011 3:17 PM
Posted by: David Schneier
Audit,
auditor,
bcp,
business continuity,
business continuity plan,
compliance,
disaster,
disaster recovery,
DR,
exam,
examiner,
GLBA,
NCUA,
regulations,
regulatory,
Regulatory Compliance
I'm violating my own standards by using such an easy topic to blog about but it's too big to ignore. With the increasing insanity being inspired by 2011's first true hurricane I'd be remiss if I didn't at least explore the impact this is going to have on the business community.
I just heard...
March 25, 2011 2:48 PM
Posted by: David Schneier
business continuity,
business continuity plan,
business continuity planning,
disaster,
disaster recovery,
FFIEC,
GLBA,
NCUA,
regulations,
regulatory,
Regulatory Compliance,
Security
There will be no shortage of industry articles and analysis that will emerge from the horrific events in Japan over these past few weeks, that's for certain. This is arguably the most significant event to hit a major regional economy since World War II and it's important to learn as many lessons...
January 29, 2011 1:34 AM
Posted by: David Schneier
assessment,
Audit,
bcp,
business continuity plan,
disaster recovery,
DR,
FDIC,
GLBA,
NCUA,
regulations,
regulatory,
Regulatory Compliance
Something happened within our practice this past week that made me recall a story from the very beginning of my audit and compliance career. Way back in 1998 when I was first transitioning from being an application developer/manager to a compliance/audit professional, my first long-term engagement...
February 23, 2010 4:17 AM
Posted by: David Schneier
Audit,
bcp,
disaster recovery,
GLBA,
PCI,
Regulatory Compliance,
risk assessment,
SOX,
Vendor Management
Here's me about to eat crow.
After nearly a decade of railing against software as a solution to address the challenges of regulatory/industry compliance, I'm being forced to reconsider my position.
I've long advocated that an institution or organization could just as easily develop manual...
October 29, 2009 5:23 PM
Posted by: David Schneier
assessments,
audits,
bcp,
business continuity planning,
disaster recovery,
DR,
FDIC,
general controls,
GLBA,
NCUA,
NCUA Sheila Bair,
Pandemic Planning,
password,
policy,
procedure,
Regulatory Compliance,
risk assessments,
SOX
Many years ago I found myself in one of those awkward moments where I needed to pay for something but didn’t have enough cash on hand to cover the bill. Rather than do the smart thing and find an ATM I instead elected to rip through my car and dig up all of the...
October 20, 2009 3:05 PM
Posted by: David Schneier
assessment,
Audit,
bcp,
business continuity planning,
disaster recovery,
DR,
GLBA,
information security,
IT,
NCUA,
Regulatory Compliance,
risk,
risk assessment,
technology
A favorite cliché of mine is “if it wasn’t for the last minute nothing would ever get done.” Personally it’s sort of the way I’m wired and in my industry it’s an unwritten rule when it comes to many annual activities. There’s an...