Regulatory Reality: GLBA

June 12, 2009 8:49 PM

Risk is at the heart of what matters most.

Posted by: David Schneier
Tags: assessment, Audit, compliance, GLBA, PCI, Regulatory Compliance, risk, risk assessment

I had two great conversations this week regarding risk assessments (jeez, does that ever sound geeky). The first conversation centered on what an associate was expecting to accomplish via the risk assessment process and the second one was a general conversation about the proper approach to...

May 20, 2009 7:31 PM

IT Security: Something has to give.

Posted by: David Schneier
Tags: Audit, FDIC, FFIEC, fraud, GLBA, NCUA, phishing, Regulatory Compliance

My practice has been busy lately helping a number of clients catch up on required tasks before their scheduled exams (it's a case of the old "if it wasn't for the last minute nothing would ever happen" philosophy). And in authoring some of our reports we're identifying issues and gaps that are in...


April 27, 2009 5:28 PM

How's your Pandemic Response Plan looking today?

Posted by: David Schneier
Tags: bcp, business continuity planning, FFIEC, GLBA, NCUA, pandemic, Regulatory Compliance

I started my day yesterday by finding my 12-year-old sitting with his eyes riveted on the laptop screen reading what I figured was something either on Facebook or a sports-related website. I only wish. Turns out he was fixated on the breaking news covering the swine flu. Much like his...


April 13, 2009 9:36 PM

What vendor management is really all about

Posted by: David Schneier
Tags: FDIC, FFIEC, GLBA, Regulatory Compliance, shared assessment, Vendor Management

I received an email from a colleague last week in regards to my recent post about the BITS Shared Assessments Program. In the entry I offered my high opinion of the framework but went out of my way to point out that by itself the assessment is not a vendor management program. The subject line...


April 2, 2009 4:21 PM

Keep an eye on Shared Assessments.

Posted by: David Schneier
Tags: Audit, GLBA, Regulatory Compliance, SOX, Vendor Management

About thirty seconds after I posted my last blog an item on the


March 30, 2009 6:55 PM

Why do you need policies and procedures? I'll tell you why.

Posted by: David Schneier
Tags: Audit, GLBA, HIPAA, PCI, Regulatory Compliance, SOX

I once heard a parent say that they wished they had a dollar for every time their teen-aged child rolled their eyes at them. I'm a parent so I get it. But what I really wish for is to have a dollar for every time a client rolls their eyes at me when I tell them they need to have all their...
