Regulatory Reality:

infrastructure

1

March 6, 2013  5:19 PM

Security Standards: What’s in a name?



Posted by: David Schneier
assess, assessment, assessments, Audit, auditor, audits, CISO, community bank, control, controls, credit union, credit unions, data security, framework, information security, information security office, infrastructure, ISO, risk assess, risk assessment, risk assessments, risk management, risk-based

I had an interesting phone call recently with someone in a CISO-type position.  They were looking for a consultant to help them keep a seat warm working with information security risk assessments and were hoping to find a resource with practical experience using the NIST 800-53 standard.  It was...

September 21, 2012  3:44 PM

Are self-assessments the right way to go?



Posted by: David Schneier
assess, assessment, assessments, Audit, bank, banking, CISO, CISSP, compliance, compliance officer, compliant, credit union, credit unions, CU, disaster, disaster recovery, DR, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, examiners, exams, framework, governance, GRC, guidance, information security, information security office, infrastructure, ISO, oversight, policy, procedure, regulation, regulations, regulations audit, regulatory, regulatory guidance, risk assess, risk assessment, risk assessments, risk management, risk-based, risks, technology

About a decade ago a family member chastised me for having an auto repair shop do my oil changes for me.  She (yeah, you’re reading that right – “she”) pointed out how ridiculously easy it was to drain the old oil, replace it with the new stuff and check a wide variety of fluid levels,...


July 6, 2012  3:18 AM

Risk: The core issue behind regulatory requirements



Posted by: David Schneier
assess, assessment, assessments, Audit, audits, bank, banking, banks, compliance, compliant, control, credit union, credit unions, CU, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, exams, FDIC, Federal Reserve Bank, FFIEC, financial institutions, framework, FRB, general controls, GLBA, governance, GRC, guidance, information security, information security office, infrastructure, NCUA, PII, policy, procedure, regulation, regulations, regulations audit, risk assessment, risk assessments, Risk IT, risk management, risk rating, risk-based, risks, threats, vendor, Vendor Management, vendor risk, vendor risk assessment

There's a joke of sorts within my personal circle of family and friends regarding what it is that I do these days.  Ask me and I'll tell you that I'm a regulatory compliance expert who advises financial institutions on how to comply with the myriad rules and regulations governing information...


February 12, 2010  11:38 PM

IT audit reports: Why you can’t handle the truth



Posted by: David Schneier
Audit, corruption, fraud, GLBA, Information Technology General Controls, infrastructure, IT, IT General Controls, ITGC, NCUA, Regulatory Compliance

I was reading the local newspaper this morning and was surprised to find a front page story ripped from the headlines of my professional life (ironic, I know). Right there on the front page of today's News and Observer was a story about how a recent audit claimed corruption at a local college...


1

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: