November 2, 2010 2:33 PM
Posted by: David Schneier
assessment, Audit, controls, GLBA, NCUA, regulatory, Regulatory Compliance, risk assessment
I was in the midst of writing my weekly blog post focusing on threadbare thin compliance efforts when I was distracted by news of a potential terrorist incident. As you likely know by now, it appears that Al-Qaeda was either attempting to send explosive devices onto airplanes or was conducting a...
October 11, 2010 3:56 PM
Posted by: David Schneier
assess, examination, examiner, GLBA, NCUA, periodic review, regulations, regulatory, Regulatory Compliance, risk, risk rating, third party management, third party oversight, vendor, Vendor Management, vendor risk rating
Early last week I downloaded some fresh content covering vendor management. It turned out that the new information wasn't really new; it's guidance that's been circulating in one form or another for years and tracks closely with guidance ripped from the pages of the Santa Fe Group/BITS Shared...
September 20, 2010 8:28 PM
Posted by: David Schneier
Audit, compliance, exam, examination, GLBA, HIPAA, NCUA, NERC, PCI, regulatory, Regulatory Compliance, risk, risk assessment, SOX
I stumbled upon an old nemesis of mine recently and the bad taste it left in my mouth continues to offend my senses.
In an industry where there are standards that define how standards should be written and websites dedicated to dissecting each standard so that everyone can understand what the...
September 5, 2010 5:17 AM
Posted by: David Schneier
CISO, compliance, Facebook, GLBA, information security, ISO, LinkedIn, NCUA, PII, regulatory, Regulatory Compliance, Security, social network
A few months back, the big blinking light in the middle of the information security radar was a story about how someone had harvested all sorts of personal...
August 25, 2010 4:07 PM
Posted by: David Schneier
Audit, business continuity, business continuity planning, compliance, FDIC, GLBA, NCUA, penetration test, penetration testing, regulatory, Regulatory Compliance, risk, risk assessment, Security, security awareness, social engineering, Vendor Management, vulnerability test
Summer at home officially ended this morning as my children returned to school. Beyond the fact that I consider it cruel and inhuman punishment to resume academic activities before Labor Day, it also serves as a wake-up call that we're well past mid-year on the traditional calendar and eyeing the...
August 16, 2010 2:43 PM
Posted by: David Schneier
Audit, bank, banking, cloud, cloud computing, credit union, FDIC, GLBA, merger, NCUA, NPPI, PII, regulatory, Regulatory Compliance, risk, risk assessment
Earlier this month, I blogged about my concerns regarding a drop-off in information security oversight by banking regulators. In this age of safety and soundness first, everything else is second, if at all. It's more than a week later and I'm not feeling any better about things; as a matter of...
August 2, 2010 9:29 PM
Posted by: David Schneier
Audit, bank, banking, bcp, CISO, compliance, compliance officer, FDIC, FIL, GLBA, information security, regulatory, Regulatory Compliance, Security, vulnerability test
We were watching a baseball game the other night when one of Microsoft's recent IE8 security commercials aired. It's the one where a fictitious bank is set up and people off the street, deceived by its appearance, wind up turning over boatloads of personally identifiable information (PII)...
May 10, 2010 4:59 AM
Posted by: David Schneier
compliance, FDIC, GLBA, governance, GRC, HIPAA, PCI, Regulatory Compliance, risk, risk assessment, SOX
In the past, I've made sometimes flip and irreverent comments about the weekly FDIC announcements that land in my inbox regarding bank closings. Despite the mind-numbing number of institutions that have been closed over the past year or so and the somewhat extensive list of institutions I've...
April 23, 2010 10:14 PM
Posted by: David Schneier
assessment, assessments, Audit, bcp, business continuity planning, controls, framework, general controls, GLBA, IT General Controls, NCUA, Regulatory Compliance, Security, security awareness, Vendor Management
I've often surprised people when it comes to conducting audit/assessment work or developing compliance programs. Generally speaking I'm a reasonable person who typically exhibits an abundance of flexibility in my day-to-day life. However, when it comes to my career, I tend to be much more of a...