May 8, 2011 4:46 AM
Posted by: David Schneier
breach,
compliance,
data breach,
FDIC,
NCUA,
regulations,
regulatory,
Regulatory Compliance
The other day I was watching my cat attempt to catch his own tail. Now I know that by itself it’s not unusual for cats or dogs to attempt such a feat but for this one in particular it was unusual as I’ve never seen him do it before. He’s a remarkably athletic animal and...
April 26, 2011 6:00 AM
Posted by: David Schneier
assessment,
Audit,
compliance,
exam,
examiner,
exams,
GLBA,
governance,
GRC,
NCUA,
oversight,
regulations,
regulatory,
Regulatory Compliance,
risk
I joined a new group last week on LinkedIn focusing on compliance within the banking space and during my first visit answered a forum question that started with "How do you manage the flow of compliance information"? It was a relevant question and I was happy enough to offer my two cents (never a...
April 8, 2011 10:45 AM
Posted by: David Schneier
Audit,
compliance,
GLBA,
governance,
GRC,
HIPAA,
PCI,
regulations,
regulatory,
Regulatory Compliance,
risk,
SOX,
UCF
After nearly a quarter century of working in and around the corporate IT domain I have a grand total of four bold predictions I've made that stand out. Three of them I had nailed dead on and the fourth never panned out, a fact that confounds me still to this day.
The...
March 25, 2011 2:48 PM
Posted by: David Schneier
business continuity,
business continuity plan,
business continuity planning,
disaster,
disaster recovery,
FFIEC,
GLBA,
NCUA,
regulations,
regulatory,
Regulatory Compliance,
Security
There will be no shortage of industry articles and analysis that will emerge from the horrific events in Japan over these past few weeks, that's for certain. This is arguably the most significant event to hit a major regional economy since World War II and it's important to learn as many lessons...
March 15, 2011 9:58 PM
Posted by: David Schneier
Audit,
bank,
banking,
compliance,
credit union,
CU,
exam,
examiner,
FDIC,
GLBA,
NCUA,
OCC,
oversight,
regulations,
regulatory,
Regulatory Compliance
I was catching up on my industry emails the other day and buried in my FDIC email folder was Financial Institution Letter FIL-13-2011, sent out on March 1st. Truthfully I usually pay close attention to their Friday afternoon blasts regarding bank closings and only skim the rest. But this one...
February 27, 2011 7:31 PM
Posted by: David Schneier
assessment,
Audit,
audit plan,
audit program,
CISA,
CISSP,
regulations,
Regulatory Compliance,
risk,
risk management
It's been a while since my last post as I'm in hunker-down mode as we prepare our next compliance software offering for release. But in the midst of my coding/testing insanity, a conversation occurred that brought up the value of certifications that I haven't been able to completely let go...
February 10, 2011 4:07 PM
Posted by: David Schneier
bank,
banks,
credit union,
credit unions,
email,
Facebook,
FDIC,
LinkedIn,
NCUA,
regulations,
regulatory,
Regulatory Compliance,
social network,
social networking,
tweet,
tweeting,
Twitter,
web
A few weeks back my wife asked me, as a favor, if I could join one of Facebook's community-based games because the more "neighbors" you have, the easier it is to succeed and so I did. Truthfully it was a rare moment of weakness for me because I tend to avoid those sort of things as if it were the...
January 29, 2011 1:34 AM
Posted by: David Schneier
assessment,
Audit,
bcp,
business continuity plan,
disaster recovery,
DR,
FDIC,
GLBA,
NCUA,
regulations,
regulatory,
Regulatory Compliance
Something happened within our practice this past week that made me recall a story from the very beginning of my audit and compliance career. Way back in 1998 when I was first transitioning from being an application developer/manager to a compliance/audit professional, my first long term engagement...
October 22, 2010 3:20 AM
Posted by: David Schneier
anti-malware,
anti-virus,
assessment,
Audit,
hack,
HIPAA,
regulations,
regulatory,
Regulatory Compliance,
scanning,
vulnerability
I read a blog post last week from my friend Ed Moyle in which he discussed a story about how a professor at the University of North Carolina-Chapel Hill was demoted because a server used in her research project was hacked. A committee had concluded that it was the professor's fault that the...