September 21, 2012 3:44 PM
Posted by: David Schneier
Tags: assess, assessment, assessments, Audit, bank, banking, CISO, CISSP, compliance, compliance officer, compliant, credit union, credit unions, CU, disaster, disaster recovery, DR, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, examiners, exams, framework, governance, GRC, guidance, information security, information security office, infrastructure, ISO, oversight, policy, procedure, regulation, regulations, regulations audit, regulatory, regulatory guidance, risk assess, risk assessment, risk assessments, risk management, risk-based, risks, technology

About a decade ago a family member chastised me for having an auto repair shop do my oil changes for me. She (yeah, you’re reading that right – “she”) pointed out how ridiculously easy it was to drain the old oil, replace it with the new stuff and check a wide variety of fluid levels,...
August 21, 2012 2:21 PM
Posted by: David Schneier
Tags: checking account, checks, credit, credit card, cyber security, data security, hack, hacker, hackers, hacking, identity management, identity theft, information security, NPPI, password, password theft, phish, phishing, PII, privacy, regulation, regulations

I'm not much of a shopper. I decide what it is I need/want to buy, assess the marketplace to determine quality and price, and once I have a generally strong sense for both, make a decision and move forward. My wife on the other hand loves the constant trolling, scouring and scouting of just...
August 8, 2012 6:21 PM
Posted by: David Schneier
Tags: Audit, auditor, audits, bank, banking, banks, Board, Board of Directors, BoD, business, community bank, compliance, control, controls, exam, examination, examinations, examiner, examiners, exams, financial institutions, fraud, governance, regulation, regulations, regulations audit, regulatory, regulatory guidance, SOX

I have an odd relationship with management reporting. I know it's a necessity and quite often see clear value in what's packaged for senior management and board review. But a significant piece of the reporting content comes in the form of metrics and, well, whenever I hear the term it conjures...
July 29, 2012 6:39 PM
Posted by: David Schneier
Tags: ATM, bank, banking, banks, breach, checking account, community bank, credit, credit card, cyber security, data security, evidence, financial institutions, hack, hacker, hackers, hacking, id theft, identity theft, information security, network, oversight, PCI, personally identifiable information, PII, regulation, regulations, Security, security breach, theft

If my blogging about credit card breaches has a bit of a deja vu feel to it, you're not crazy; I last touched on it less than six months ago. Sadly I was handed a new update this week in the form of my bank card being cancelled from right out underneath me again. For those of you keeping score...
July 21, 2012 8:25 PM
Posted by: David Schneier
Tags: assess, assessment, assessments, bank, banking, banking crisis, banks, community bank, compliance, compliance officer, compliant, control, credit, credit card, data security, Dodd-Frank, economy, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, examiners, exams, Federal Reserve Bank, FFIEC, financial, financial institutions, framework, information security office, lending, LinkedIn, mortgage, NCUA, NCUA Sheila Bair, NPPI, observations, oversight, personally identifiable information, PII, policy, privacy, procedure, regulation, regulations, regulations audit, regulatory, regulatory guidance, risk assess, risk assessment, risk assessments, risk management, risk-based, risks, security PII, Sheila Bair, social security numbers, technology, third party management, third party oversight, vendor, Vendor Management, vendor risk, vendor risk assessment

I was an unabashed fan of Sheila Bair and made no secret of that fact. She was a breath of fresh air in a line of work where everything is stale and always at least a little boring. Not that Martin Gruenberg is any less effective running the FDIC, he's just a whole lot less interesting to pay...
July 6, 2012 3:18 AM
Posted by: David Schneier
Tags: assess, assessment, assessments, Audit, audits, bank, banking, banks, compliance, compliant, control, credit union, credit unions, CU, enterprise risk, enterprise risk management, ERM, exam, examination, examinations, examiner, exams, FDIC, Federal Reserve Bank, FFIEC, financial institutions, framework, FRB, general controls, GLBA, governance, GRC, guidance, information security, information security office, infrastructure, NCUA, PII, policy, procedure, regulation, regulations, regulations audit, risk assessment, risk assessments, Risk IT, risk management, risk rating, risk-based, risks, threats, vendor, Vendor Management, vendor risk, vendor risk assessment

There's a joke of sorts within my personal circle of family and friends regarding what it is that I do these days. Ask me and I'll tell you that I'm a regulatory compliance expert who advises financial institutions on how to comply with the myriad rules and regulations governing information...
May 21, 2012 1:47 PM
Posted by: David Schneier
Tags: ACH, bank, banking, checks, compliance, identity management, identity theft, regulations, regulatory, Regulatory Compliance, remote capture, remote deposit capture

Before I even get into the nitty-gritty of the post I have to point out that in the time it took me to choose the topic and start writing I've already thought of three perfect ways to steal your money via remote deposit capture. Seriously, this is a hugely bad idea that will lead to hundreds of...
April 29, 2012 7:43 PM
Posted by: David Schneier
Tags: assessment, assessments, Audit, compliance, control, control owners, controls, findings, GLBA, internal audit, NCUA, regulations, regulatory, Regulatory Compliance, risk, risk assessments, risks

My first encounter with an auditor was back in the mid-90s while working as an application project manager for a Fortune 100 company. The group responsible for change management was going through an audit of their process and one of the changes that was selected for review happened to belong to...
April 14, 2012 2:23 PM
Posted by: David Schneier
Tags: ATM, Audit, compliance, GLBA, PCI, regulation, regulations, regulatory, Regulatory Compliance, Security

Two weeks ago news broke about a huge, massive leak of credit card information from a processor called Global Payments and I braced for a firestorm of media coverage that was sure to follow. Two weeks hence and it's pretty much a non-event. A few days ago the State of Utah reported a breach of...