Regulatory Reality:

GLBA


October 20, 2009  3:05 PM

Should bank examiners rely on audit and assessment reports?



Posted by: David Schneier
assessment, Audit, bcp, business continuity planning, disaster recovery, DR, GLBA, information security, IT, NCUA, Regulatory Compliance, risk, risk assessment, technology

A favorite cliché of mine is “if it wasn’t for the last minute nothing would ever get done.” Personally it’s sort of the way I’m wired and in my industry it’s an unwritten rule when it comes to many annual activities. There’s an...

October 8, 2009  8:33 PM

The COBIT framework isn’t an audit solution



Posted by: David Schneier
Audit, COBIT, GLBA, ISACA, ITGI, NCUA, Regulatory Compliance, risk, risk assessment, Risk IT, SOX, Val IT

I have an associate who has an addiction to certifications. He’s one of those “too smart for his own good” geniuses who often decides to change his career course and starts by obtaining whatever accreditation or cert is needed to do so....


September 30, 2009  7:34 PM

Accountability key to banking recovery



Posted by: David Schneier
Audit, bank, banking, compliance, credit union, CU, DIF, FDIC, GLBA, NCUA, Regulatory Compliance

Every day, I receive a semi-deluge of industry related emails.  Between the various agencies, media sites, organizations and associations I tend to receive more communiqués than I know what to do with.  But I developed an interesting habit last year when the banking...


September 16, 2009  9:02 PM

Can the economy rebound without the banks?



Posted by: David Schneier
Audit, bank, compliance, credit, GLBA, NCUA, real estate, Regulatory Compliance

I had one of those odd moments yesterday regarding the banking industry that I wanted to share with you.

On the homepage of a major news website were two headline stories. The first was about how Ben Bernanke believes the recession we’re...


September 1, 2009  3:29 PM

IT audits versus reviews



Posted by: David Schneier
Audit, compliance, general controls, GLBA, governance, GRC, IT, ITGC, NCUA, Regulatory Compliance, risk, risk assessment

I had mentioned in my last post a recent conversation with my partner regarding a proposed IT general controls (ITGC) audit. My primary role in our practice is to head up regulatory compliance services which includes audits, assessments and program development; my...


August 18, 2009  8:05 PM

Is perspective on our regulatory landscape a blessing or a curse?



Posted by: David Schneier
Audit, FDIC, GLBA, PCI, regulatory, Regulatory Compliance, SOX

I was away from the office last week trying squeeze in a family vacation before the kids head back to school. Despite taking the occasional phone call and replying to a number of emails, there was still plenty waiting for me today when I returned to my normal...


July 17, 2009  1:58 PM

Does compliance equate to secure?



Posted by: David Schneier
Audit, compliance, cyber security, FFIEC, GLBA, PCI, regulations, Regulatory Compliance, Security, SOX

Despite earning a living in the space, I often question the value of regulatory compliance.

How is it that a business can be PCI-compliant but still have glaring vulnerabilities?  How is it that despite layer upon layer of controls...


July 8, 2009  3:45 PM

How’s about a federally mandated Information Security Assessment?



Posted by: David Schneier
Audit, compliance, cyber security, FERC cyber security, GLBA, NERC, Regulatory Compliance, SOX

I had a eureka moment recently that I’d like to share.

In considering the implications of the recently announced changes by MasterCard that will now require PCI Level 2 merchants to be assessed by a Qualified Security Assessor (QSA) it occurred to me...


July 2, 2009  2:53 AM

2 for 1 sale: How governance leads to compliance.



Posted by: David Schneier
Audit, compliance, GLBA, governance, GRC, PCI, Regulatory Compliance, SOX

A while back I’d written about the Unified Compliance Framework from Network Frontiers, which takes quite literally every regulation and framework within the IT domain and maps them in such a way where you can identify how a single control addresses multiple requirements. In...


June 22, 2009  3:46 PM

Financial regulations and my crystal ball.



Posted by: David Schneier
Audit, compliance, GLBA, obama, OTS, PCI, Regulatory Compliance, SOX

I had a great piece lined up for this week about a governance project I’m working on but was waylaid by all the news that hit the radar around regulatory reform.

In what may be the understatement of the year, the plans revealed last week by President...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: