October 26, 2011 8:36 PM
Posted by: David Schneier
assessment, bcp, business continuity plan, GLBA, NCUA, NCUA Part 748, regulations audit, regulatory, Regulatory Compliance, risk, risk assessment, Vendor Management
I remember conducting a risk assessment a few years back for a credit union in which they were missing just about every artifact necessary to prove compliance with NCUA Part 748 (if you're not already aware, that's GLBA for credit unions). It was, for lack of a better term, a...
October 3, 2011 10:39 PM
Posted by: David Schneier
bcp, business continuity, business continuity plan, compliance, Dodd-Frank, FDIC, GLBA, NCUA, regulations, regulatory, Regulatory Compliance, too big too fail
Ever since Dodd-Frank legislation first started rolling down the turnpike towards the banking industry I've been reading and listening to all manner of rhetoric about how none of it's going to solve any problems, that it's going to impede the business of banking and force money to be deposited and...
September 14, 2011 6:27 AM
Posted by: David Schneier
assessment, Audit, bcp, business, business continuity, business continuity planning, compliance, disaster recovery, DR, GLBA, NCUA, regulation, regulatory, Regulatory Compliance, risk, risk assessment, vendor, Vendor Management
One of the oddities of my career is how some issues present themselves in a wide range of my clients despite the fact that there's often no meaningful way to compare them in size. Some have a single compliance person who is part Compliance Officer and part Information Security Officer and some...
August 28, 2011 3:17 PM
Posted by: David Schneier
Audit, auditor, bcp, business continuity, business continuity plan, compliance, disaster, disaster recovery, DR, exam, examiner, GLBA, NCUA, regulations, regulatory, Regulatory Compliance
I'm violating my own standards by using such an easy topic to blog about but it's too big to ignore. With the increasing insanity being inspired by 2011's first true hurricane I'd be remiss if I didn't at least explore the impact this is going to have on the business community.
I just heard...
August 3, 2011 6:16 PM
Posted by: David Schneier
compliance, GLBA, NCUA, NPPI, PII, regulatory, Regulatory Compliance, Security, security awareness
When I first started blogging professionally a colleague of mine cautioned that I should avoid posting anything where a client might recognize themselves in any story or example I might relate, good or bad. And so in the years since I've gone to sometimes great lengths to anonymize my content to...
July 17, 2011 10:01 PM
Posted by: David Schneier
assessment, Audit, compliance, exam, examinations, GLBA, regulatory, Regulatory Compliance, risk
I do a whole lot of work with vendor management, a fact which most of my regular readers are quite aware of. And while I typically recoil when somebody else says of themselves what I'm about to say, I'm going to say it anyway; I'm really something of an expert on the discipline, particularly as...
June 15, 2011 4:52 PM
Posted by: David Schneier
assess, assessment, Audit, bank, banking, community bank, compliance, credit union, CU, data center, GLBA, NCUA, regulation, regulatory, Regulatory Compliance, Security
I've been visiting with my mother who lives in a gated retirement community. In order for me to gain access to the development I need to pass through a security checkpoint at the main gate. They ask me who I'm visiting, I provide my mother's name and either they find my name on the pre-approved...
June 3, 2011 3:18 PM
Posted by: David Schneier
assess, assessment, Audit, compliance, enterprise risk, enterprise risk management, ERM, GLBA, NCUA, regulations, regulatory, Regulatory Compliance, risk management
Last week while attending a banking conference I found myself in a conversation about Enterprise Risk Management (ERM). I had made the comment that I was tired of constantly hearing different definitions of what the discipline is and how it should be applied. It’s the...
May 20, 2011 3:29 AM
Posted by: David Schneier
compliance, FFIEC, GLBA, regulation, regulations, regulatory, Regulatory Compliance, risk, risk assessment, risk-based
Years ago I added an addition to my first house. After my second child arrived, we had simply run out of room and decided it was easier to expand our current living space rather than trying to find a bigger one. Plans were drawn up, work scheduled and money deposited. Two days before the first...