Regulatory Reality:

regulations


October 11, 2010  3:56 PM

Vendor management program efforts still fall (way) short



Posted by: David Schneier
assess, examination, examiner, GLBA, NCUA, periodic review, regulations, regulatory, Regulatory Compliance, risk, risk rating, third party management, third party oversight, vendor, Vendor Management, vendor risk rating

Early last week I downloaded some fresh content covering vendor management.  It turned out that the new information wasn't really new; it's guidance that's been circulating in one form or another for years and tracks closely with guidance ripped from the pages of the Santa Fe Group/BITS Shared...

October 1, 2010  7:41 PM

Hidden information security threats are still threats



Posted by: David Schneier
Audit, bank, banking, compliance, credit union, CU, FDIC, FFIEC, financial, financial institutions, personally identifiable information, regulations, regulatory, Regulatory Compliance, security PII

Growing up I was a huge fan of the sitcom "The Odd Couple."  Some of my favorite catch phrases have in some part been influenced by lines of dialogue that I memorized.  One in particular serves as the best pure definition for a phenomenon I encounter frequently enough in my audit/compliance...


July 12, 2010  6:31 PM

The banking crisis gets another dose of common sense



Posted by: David Schneier
economy, FDIC, lending, mortgage, regulations, Regulatory Compliance, Sheila Bair

Summertime often means vacation time and while I'm not sure I'll take a true vacation ever again, my wife imposes her will upon me and makes me at least try.  I try and circumvent the process a bit by using the downtime to catch up on some of my reading and this year the book of choice is Michael...


June 14, 2010  6:57 AM

An update on governance, risk and compliance



Posted by: David Schneier
Audit, compliance, governance, GRC, regulations, Regulatory Compliance, risk, risk assessment

I just had an article published in Information Security magazine on GRC titled "Demystifying governance, risk and compliance."  It's a piece...


July 27, 2009  8:56 PM

Let the FDIC lead the way!



Posted by: David Schneier
banking, compliance, FDIC, regulations, Regulatory Compliance

I can’t think of any more telling comment about where I am in my professional life than what I’m about to offer:

Sheila Bair rocks!

If you don’t know who she is, well, shame on you.  Because...


July 17, 2009  1:58 PM

Does compliance equate to secure?



Posted by: David Schneier
Audit, compliance, cyber security, FFIEC, GLBA, PCI, regulations, Regulatory Compliance, Security, SOX

Despite earning a living in the space, I often question the value of regulatory compliance.

How is it that a business can be PCI-compliant but still have glaring vulnerabilities?  How is it that despite layer upon layer of controls...

