Regulatory Reality:

information security


April 8, 2010  2:24 PM

Online identity theft: One victim’s story



Posted by: David Schneier
cyber security, id theft, information security, password, password theft, phish, phishing, Regulatory Compliance, scam, Security, security awareness

Last month I blogged about a phishing attempt that landed in my inbox.  The email account belonged to someone named Rebecca Keen who I had never heard of before (or so I believed at the time).  As I was finishing writing that post, I received a follow-up email from the same person indicating...

March 22, 2010  3:20 PM

Information security awareness begins at home



Posted by: David Schneier
ATM, Facebook, hack, hacker, information security, LinkedIn, Regulatory Compliance, Security, security awareness, social network

Sometimes the best blog ideas just fall into my lap. I was greeted by this status the other day on Facebook:  "



February 5, 2010  3:57 AM

How security aware is your organization?



Posted by: David Schneier
Audit, GLBA, information security, NCUA, phish, phishing, Regulatory Compliance, risk, risk assessment, Security, security testing, social engineering

Consider this post to be something of a (banking) community service announcement. It's February 2010: do you know when your organization last conducted a social engineering exercise? I come across instances almost all of the time where financial institutions have obvious...


December 29, 2009  5:30 PM

Was 2009 the year regulatory compliance became a good thing?



Posted by: David Schneier
Audit, business continuity planning, GLBA, information security, IT General Controls, red flags, red flags identity theft, Regulatory Compliance, Vendor Management

When I sat down to write my last blog post for 2009, I was planning to write either about my predictions for 2010 or a retrospective of 2009. But that’s just so clichéd; everyone does that or tries to. And as I’d written in a recent post about...


November 12, 2009  1:44 PM

Information security officers are a must



Posted by: David Schneier
Audit, business continuity planning, CISO, compliance, GLBA, information security, information security office, ISO, Regulatory Compliance, Vendor Management

I was talking with a client last week about a perceived gap in their organization.  Despite having to address multiple regulations cutting across several oversight bodies, they were lacking a single point of contact or central coordinator for all information security related activities.  Their...


October 20, 2009  3:05 PM

Should bank examiners rely on audit and assessment reports?



Posted by: David Schneier
assessment, Audit, bcp, business continuity planning, disaster recovery, DR, GLBA, information security, IT, NCUA, Regulatory Compliance, risk, risk assessment, technology

A favorite cliché of mine is “if it wasn’t for the last minute nothing would ever get done.” Personally it’s sort of the way I’m wired and in my industry it’s an unwritten rule when it comes to many annual activities. There’s an...

