Regulatory Reality:

FFIEC


December 10, 2010  6:45 PM

Year-end begets regulatory compliance audit panic



Posted by: David Schneier
assessment, Audit, FFIEC, GLBA, PCI, red flags, red flags identity theft, regulatory, Regulatory Compliance, Security, security awareness, SOX

Sometime back in August I blogged about addressing outstanding compliance tasks before the year's end. We see it every year in my practice: Compliance and security folks wake up sometime right around now in a bit of a panic and realize that they're about to miss hitting on certain key regulatory...

October 1, 2010  7:41 PM

Hidden information security threats are still threats



Posted by: David Schneier
Audit, bank, banking, compliance, credit union, CU, FDIC, FFIEC, financial, financial institutions, personally identifiable information, regulations, regulatory, Regulatory Compliance, security PII

Growing up I was a huge fan of the sitcom "The Odd Couple."  Some of my favorite catch phrases have in some part been influenced by lines of dialogue that I memorized.  One in particular serves as the best pure definition for a phenomenon I encounter frequently enough in my audit/compliance...


January 27, 2010  12:13 AM

Banking regulatory reform is a comin’



Posted by: David Schneier
bank, banking, Basel, FDIC, FFIEC, GLBA, NCUA, Regulatory Compliance

I was scanning through emails the other day and almost missed a good one. It was from the FDIC on Friday, January 22. As we’ve all come to know Friday is the FDIC’s equivalent of “bring out the dead day” when they almost always announce the...


July 17, 2009  1:58 PM

Does compliance equate to secure?



Posted by: David Schneier
Audit, compliance, cyber security, FFIEC, GLBA, PCI, regulations, Regulatory Compliance, Security, SOX

Despite earning a living in the space, I often question the value of regulatory compliance.

How is it that a business can be PCI-compliant but still have glaring vulnerabilities?  How is it that despite layer upon layer of controls...


May 20, 2009  7:31 PM

IT Security: Something has to give.



Posted by: David Schneier
Audit, FDIC, FFIEC, fraud, GLBA, NCUA, phishing, Regulatory Compliance

My practice has been busy lately helping a number of clients catch up on required tasks before their scheduled exams (it's a case of the old "if it wasn't for the last minute nothing would ever happen" philosophy).  And in authoring some of our reports we're identifying issues and gaps that are in...


April 27, 2009  5:28 PM

How’s your Pandemic Response Plan looking today?



Posted by: David Schneier
bcp, business continuity planning, FFIEC, GLBA, NCUA, pandemic, Regulatory Compliance

I started my day yesterday by finding my 12-year-old sitting with his eyes riveted on the laptop screen reading what I figured was something either on Facebook or a sports related website.  I only wish.  Turns out he was fixated on the breaking news covering the swine flu. Much like his...


April 13, 2009  9:36 PM

What vendor management is really all about



Posted by: David Schneier
FDIC, FFIEC, GLBA, Regulatory Compliance, shared assessment, Vendor Management

I received an email from a colleague last week in regards to my recent post about the BITS Shared Assessments Program.  In the entry I offered my high opinion of the framework but went out of my way to point out that by itself the assessment is not a vendor management program.  The subject line...

