Regulatory Reality: PCI

September 20, 2010  8:28 PM
Regulatory compliance management lacking common sense
Posted by: David Schneier
Audit, compliance, exam, examination, GLBA, HIPAA, NCUA, NERC, PCI, regulatory, Regulatory Compliance, risk, risk assessment, SOX

I stumbled upon an old nemesis of mine recently and the bad taste it left in my mouth continues to offend my senses. In an industry where there are standards that define how standards should be written and websites dedicated to dissecting each standard so that everyone can understand what the...

July 22, 2010  6:32 PM
Compliance doesn't ensure data security
Posted by: David Schneier
backup, data breach, HIPAA, offsite storage, PCI, regulatory, Regulatory Compliance, Security, security breach

I'm fond of saying that a business entity complies with regulatory and industry requirements for one of two reasons: because it helps protect sensitive information or because they have to.  Some may argue that regardless of the reason, both will get you to the same place with the same...


May 10, 2010  4:59 AM
FDIC bank closure hits close to home
Posted by: David Schneier
compliance, FDIC, GLBA, governance, GRC, HIPAA, PCI, Regulatory Compliance, risk, risk assessment, SOX

In the past, I've made sometimes flip and irreverent comments about the weekly FDIC announcements that land in my inbox regarding bank closings.  Despite the mind-numbing number of institutions that have been closed over the past year or so and the somewhat extensive list of institutions I've...


February 23, 2010  4:17 AM
Rethinking compliance software
Posted by: David Schneier
Audit, bcp, disaster recovery, GLBA, PCI, Regulatory Compliance, risk assessment, SOX, Vendor Management

Here's me about to eat crow. After nearly a decade of railing against software as a solution to address the challenges of regulatory/industry compliance, I'm being forced to reconsider my position. I've long advocated that an institution or organization could just as easily develop manual...


December 1, 2009  1:49 AM
Bank Checks: the final frontier?
Posted by: David Schneier
bank, banking, checking account, credit card, FDIC, identity theft, online fraud, PCI, PII, Regulatory Compliance, routing number, social security numbers

I want to play a game with you, sort of like the compliance equivalent of the Rorschach inkblot test. I’m going to throw out a phrase and I want you to write down the first acronym that comes to mind.

Ready? Here we...


October 29, 2009  7:28 PM
In Memoriam: David Taylor
Posted by: Marcia Savage
PCI

I was shocked and saddened today to learn of the unexpected passing of David Taylor, founder of the PCI Knowledge Base. My deepest sympathy goes to his family. Dave founded the PCI Knowledge Base, a research community that shares information to help organizations achieve PCI compliance, after a...


August 18, 2009  8:05 PM
Is perspective on our regulatory landscape a blessing or a curse?
Posted by: David Schneier
Audit, FDIC, GLBA, PCI, regulatory, Regulatory Compliance, SOX

I was away from the office last week trying to squeeze in a family vacation before the kids head back to school. Despite taking the occasional phone call and replying to a number of emails, there was still plenty waiting for me today when I returned to my normal...


July 17, 2009  1:58 PM
Does compliance equate to secure?
Posted by: David Schneier
Audit, compliance, cyber security, FFIEC, GLBA, PCI, regulations, Regulatory Compliance, Security, SOX

Despite earning a living in the space, I often question the value of regulatory compliance.

How is it that a business can be PCI-compliant but still have glaring vulnerabilities?  How is it that despite layer upon layer of controls...


July 2, 2009  2:53 AM
2 for 1 sale: How governance leads to compliance.
Posted by: David Schneier
Audit, compliance, GLBA, governance, GRC, PCI, Regulatory Compliance, SOX

A while back I’d written about the Unified Compliance Framework from Network Frontiers, which takes quite literally every regulation and framework within the IT domain and maps them in such a way where you can identify how a single control addresses multiple requirements. In...


June 22, 2009  3:46 PM
Financial regulations and my crystal ball.
Posted by: David Schneier
Audit, compliance, GLBA, obama, OTS, PCI, Regulatory Compliance, SOX

I had a great piece lined up for this week about a governance project I’m working on but was waylaid by all the news that hit the radar around regulatory reform.

In what may be the understatement of the year, the plans revealed last week by President...