Regulatory Reality:

Regulatory Compliance

May 20, 2009  7:31 PM

IT Security: Something has to give.

Posted by: David Schneier
Audit, FDIC, FFIEC, fraud, GLBA, NCUA, phishing, Regulatory Compliance

My practice has been busy lately helping a number of clients catch up on required tasks before their scheduled exams (it's a case of the old "if it wasn't for the last minute nothing would ever happen" philosophy).  And in authoring some of our reports we're identifying issues and gaps that are in...

May 14, 2009  6:38 PM

Who put the G in GRC?

Posted by: David Schneier
Audit, compliance, governance, GRC, Regulatory Compliance, risk

I’m something of an advocate for Governance, Risk and Compliance (GRC) and have been for several years.  I’ve been known to rant a bit how it’s not properly organized as an acronym because everyone who knows knows that risk comes first and so it should’ve been...

May 7, 2009  9:58 PM

PCI compliance is not the end all

Posted by: David Schneier
Audit, PCI, Regulatory Compliance, SAS 70, Security

I was sitting in on a meeting this week during which a security review was being conducted for a proposed software solution for my client. The product was designed and hosted by a third-party vendor.

At first blush I was...

April 29, 2009  3:33 PM

Pandemic Planning: a quick update.

Posted by: David Schneier
bcp, business continuity planning, pandemic, Regulatory Compliance

I wanted to post a quick update regarding the looming threat of a true pandemic event courtesy of the swine flu.

In the past forty-eight hours I’ve had conversations with three separate clients in which the subject of their pandemic response plans...

April 27, 2009  5:28 PM

How’s your Pandemic Response Plan looking today?

Posted by: David Schneier
bcp, business continuity planning, FFIEC, GLBA, NCUA, pandemic, Regulatory Compliance

I started my day yesterday by finding my 12-year-old sitting with his eyes riveted on the laptop screen reading what I figured was something either on Facebook or a sports related website.  I only wish.  Turns out he was fixated on the breaking news covering the swine flu. Much like his...

April 21, 2009  8:12 PM

FDIC: More than just a sticker on the bank’s door.

Posted by: David Schneier
banking, FDIC, Regulatory Compliance

I opened my front door last week and found my industry waiting for me on my very own doorstep, seriously. The Raleigh News and Observer had a story on page one about how U.S. Senator Richard Burr called his family during the early days of the banking crisis last Fall and...

April 14, 2009  8:00 PM

Is information ever truly secure?

Posted by: David Schneier
Regulatory Compliance, Security

I never post on consecutive days; oftentimes I struggle to post on consecutive weeks when the ideas just aren't flowing. But after the day I've just had I have nowhere to go with what's swirling around in my head and so to my soapbox I run. Without bogging the story down in needless details...

April 13, 2009  9:36 PM

What vendor management is really all about

Posted by: David Schneier
FDIC, FFIEC, GLBA, Regulatory Compliance, shared assessment, Vendor Management

I received an email from a colleague last week in regards to my recent post about the BITS Shared Assessments Program.  In the entry I offered my high opinion of the framework but went out of my way to point out that by itself the assessment is not a vendor management program.  The subject line...

April 8, 2009  5:11 AM

The road to PCI compliance is fraught with potholes.

Posted by: David Schneier
PCI, Regulatory Compliance, Security

I’m a fan of diversification. Professionally or personally I strive to mix and match and switch things around to avoid falling into a rut and to keep things fresh; I’m hopeful the contents of my blog reflect on that....

April 2, 2009  4:21 PM

Keep an eye on Shared Assessments.

Posted by: David Schneier
Audit, GLBA, Regulatory Compliance, SOX, Vendor Management

About thirty seconds after I posted my last blog an item on the
