September 14, 2011 6:27 AM
Posted by: David Schneier
assessment,
Audit,
bcp,
business,
business continuity,
business continuity planning,
compliance,
disaster recovery,
DR,
GLBA,
NCUA,
regulation,
regulatory,
Regulatory Compliance,
risk,
risk assessment,
vendor,
Vendor ManagementOne of the oddity's of my career is how some issues present themselves in a wide range of my clients despite the fact that there's often no meaningful way to compare them in size. Some have a single compliance person who is part Compliance Officer and part Information Security Officer and some...
August 28, 2011 3:17 PM
Posted by: David Schneier
Audit,
auditor,
bcp,
business continuity,
business continuity plan,
compliance,
disaster,
disaster recovery,
DR,
exam,
examiner,
GLBA,
NCUA,
regulations,
regulatory,
Regulatory ComplianceI'm violating my own standards by using such an easy topic to blog about but it's too big to ignore. With the increasing insanity being inspired by 2011's first true hurricane I'd be remiss if I didn't at least explore the impact this is going to have on the business community.
I just heard...
August 15, 2011 8:45 PM
Posted by: David Schneier
cdo,
compliance,
foreclosure,
NCUA,
regulations,
regulatory,
Regulatory ComplianceI had the good fortune to rediscover a recent favorite book while driving to a client engagement last week. It was the audio version of Michael Lewis’s “The Big Short”. I had first listened to it last year and thought at the time it was about as good a...
Comments are off for this post.
August 3, 2011 6:16 PM
Posted by: David Schneier
compliance,
GLBA,
NCUA,
NPPI,
PII,
regulatory,
Regulatory Compliance,
Security,
security awarenessWhen I first started blogging professionally a colleague of mine cautioned that I should avoid posting anything where a client might recognize themselves in any story or example I might relate, good or bad. And so in the years since I've gone to sometimes great length to anonymize my content to...
June 24, 2011 2:43 PM
Posted by: David Schneier
cloud,
compliance,
compliant,
FDIC,
FFIEC,
guidance,
NCUA,
PCI,
regulatory,
Regulatory Compliance,
regulatory guidanceOh how the times have changed. Once upon a time I was part of a group of peers who waited for new album releases, camped out over night for concert tickets and once even waited on line for the annual release of Strat-O-Matic's baseball set (perhaps the nerdiest thing I've ever done). And all of...
June 15, 2011 4:52 PM
Posted by: David Schneier
assess,
assessment,
Audit,
bank,
banking,
community bank,
compliance,
credit union,
CU,
data center,
GLBA,
NCUA,
regulation,
regulatory,
Regulatory Compliance,
SecurityI've been visiting with my mother who lives in a gated retirement community. In order for me to gain access to the development I need to pass through a security check point at the main gate. They ask me who I'm visiting, I provide my mother's name and either they find my name on the pre-approved...
June 3, 2011 3:18 PM
Posted by: David Schneier
assess,
assessment,
Audit,
compliance,
enterprise risk,
enterprise risk management,
ERM,
GLBA,
NCUA,
regulations,
regulatory,
Regulatory Compliance,
risk managementLast week while attending a banking conference I found myself in a conversation about Enterprise Risk Management (ERM). I had made the comment that I was tired of constantly hearing different definitions of what the discipline is and how it should be applied. It’s the...
May 8, 2011 4:46 AM
Posted by: David Schneier
breach,
compliance,
data breach,
FDIC,
NCUA,
regulations,
regulatory,
Regulatory ComplianceThe other day I was watching my cat attempt to catch his own tail. Now I know that by itself it’s not unusual for cats or dogs to attempt such a feat but for this one in particular it was unusual as I’ve never seen him do it before. He’s a remarkably athletic animal and...
April 26, 2011 6:00 AM
Posted by: David Schneier
assessment,
Audit,
compliance,
exam,
examiner,
exams,
GLBA,
governance,
GRC,
NCUA,
oversight,
regulations,
regulatory,
Regulatory Compliance,
riskI joined a new group last week on LinkedIn focusing on compliance within the banking space and during my first visit answered a forum question that started with "How do you manage the flow of compliance information"? It was a relevant question and I was happy enough to offer my two cents (never a...
