Regulatory Reality:

June 12, 2009  8:49 PM

Risk is at the heart of what matters most.

Posted by: David Schneier
assessment, Audit, compliance, GLBA, PCI, Regulatory Compliance, risk, risk assessment

I had two great conversations this week regarding risk assessments (jeez, does that ever sound geeky). The first conversation centered on what an associate was expecting to accomplish via the risk assessment process and the second one was a general conversation about the proper approach to...

June 4, 2009  8:26 PM

Why financial institutions might want to keep an eye on the energy industry.

Posted by: David Schneier
CIP, FERC cyber security, NERC, PCI, Regulatory Compliance

Through an odd turn of events over the past few months I’ve found myself actively engaged with a group that’s focusing quite a bit of effort on NERC CIP. For those of you not in the know, NERC (North American Electric Reliability Corporation) is to the energy...

May 29, 2009  2:44 AM

Information security pros (and cons).

Posted by: David Schneier
encryption, NPPI, PCI, Regulatory Compliance, Security, SOX

Ever since I first started blogging I’ve worried that there would be weeks when I would simply draw a blank when it came to finding a topic worthy of the audience's time and attention. While I may have hit the occasional bump in the road with posts that weren’t...

May 7, 2009  9:58 PM

PCI compliance is not the end all

Posted by: David Schneier
Audit, PCI, Regulatory Compliance, SAS 70, Security

I was sitting in on a meeting this week during which a security review was being conducted for a proposed software solution for my client. The product was designed and hosted by a third-party vendor.

At first blush I was...

April 8, 2009  5:11 AM

The road to PCI compliance is fraught with potholes.

Posted by: David Schneier
PCI, Regulatory Compliance, Security

I’m a fan of diversification. Professionally or personally I strive to mix and match and switch things around to avoid falling into a rut and to keep things fresh; I’m hopeful the contents of my blog reflect on that....

March 30, 2009  6:55 PM

Why do you need policies and procedures? I’ll tell you why.

Posted by: David Schneier
Audit, GLBA, HIPAA, PCI, Regulatory Compliance, SOX

I once heard a parent say that they wished they had a dollar for every time their teen-aged child rolled their eyes at them. I'm a parent so I get it. But what I really wish for is to have a dollar for every time a client rolls their eyes at me when I tell them they need to have all their...

March 26, 2009  1:53 AM

Do the Visa PCI Shuffle

Posted by: David Schneier
PCI, Regulatory Compliance

Let me kick this off by clearly stating that I have never met Adrian Phillips, Visa International's Deputy Chief Enterprise Risk Officer and Regional Head of Risk for North America. As a matter of fact I had never even heard this name until earlier this month. I know so little about Mr....
