Regulatory Reality:

Regulatory Compliance


July 22, 2010  6:32 PM

Compliance doesn’t ensure data security



Posted by: David Schneier
backup, data breach, HIPAA, offsite storage, PCI, regulatory, Regulatory Compliance, Security, security breach

I'm fond of saying that a business entity complies with regulatory and industry requirements for one of two reasons: because it helps protect sensitive information or because they have to.  Some may argue that regardless of the reason, both will get you to the same place with the same...

July 12, 2010  6:31 PM

The banking crisis gets another dose of common sense



Posted by: David Schneier
economy, FDIC, lending, mortgage, regulations, Regulatory Compliance, Sheila Bair

Summertime often means vacation time and while I'm not sure I'll take a true vacation ever again, my wife imposes her will upon me and makes me at least try.  I try and circumvent the process a bit by using the downtime to catch up on some of my reading and this year the book of choice is Michael...


June 25, 2010  4:08 PM

Security pros need to practice vigilance not avoidance



Posted by: David Schneier
controls, firewall, firewalls, hackers, hacking, information security, regulatory, Regulatory Compliance, Security, social network, web filters

A week or so ago, I received an invitation from a professional friend of mine to connect via Facebook.  He's someone whose brain I've picked time and again as he's one of the brightest information security people I've worked with but more importantly, he's also someone who I enjoy talking to, and...


June 17, 2010  3:36 PM

Should it be this easy to bypass network security?



Posted by: David Schneier
cyber security, firewall, information security, network, penetration test, penetration testing, Regulatory Compliance, vulnerability

A few weeks back, I went online to pay my cable bill.  There's a long story behind the struggles I've had in doing so since becoming a customer, but I'll save that for another time.   Part of the longer story, though, involves my bookmarking the sign-on page where I can access my account and make...


June 14, 2010  6:57 AM

An update on governance, risk and compliance



Posted by: David Schneier
Audit, compliance, governance, GRC, regulations, Regulatory Compliance, risk, risk assessment

I just had an article published in Information Security magazine on GRC titled "Demystifying governance, risk and compliance."  It's a piece...


June 1, 2010  7:32 PM

Flu pandemic plan: No need to go overboard



Posted by: David Schneier
Audit, bcp, business continuity planning, findings, observations, pandemic, Pandemic Planning, regulatory, Regulatory Compliance, testing

I'm returning to the office after having given in to the siren song of Memorial Day weekend.  Despite enjoying the long break and all its trappings (way too much I might add), something that hit my radar last week remained on my mind. Earlier in the week, I came across a comment in an IT audit...


May 21, 2010  1:55 PM

The new Senate finance bill: not what I hoped for



Posted by: David Schneier
Audit, compliance, FDIC, OCC, Regulatory Compliance, risk, risk assessment, risk assessments, SEC

I'm an optimist:  Ask anyone who knows me either personally or professionally and they'll agree.  And I've been eagerly anticipating new legislation ever since the banks spiraled out of control and needed government intervention to save themselves.  As my wife likes to tell people, when the...


May 10, 2010  4:59 AM

FDIC bank closure hits close to home



Posted by: David Schneier
compliance, FDIC, GLBA, governance, GRC, HIPAA, PCI, Regulatory Compliance, risk, risk assessment, SOX

In the past, I've made sometimes flip and irreverent comments about the weekly FDIC announcements that land in my inbox regarding bank closings.  Despite the mind-numbing number of institutions that have been closed over the past year or so and the somewhat extensive list of institutions I've...


April 23, 2010  10:14 PM

Compliance professionals need thick skins



Posted by: David Schneier
assessment, assessments, Audit, bcp, business continuity planning, controls, framework, general controls, GLBA, IT General Controls, NCUA, Regulatory Compliance, Security, security awareness, Vendor Management

I've often surprised people when it comes to conducting audit/assessment work or developing compliance programs.  Generally speaking I'm a reasonable person who typically exhibits an abundance of flexibility in my day-to-day life.  However when it comes to my career, I tend to be much more of a...


April 16, 2010  4:56 PM

Regulatory compliance is not optional



Posted by: David Schneier
Audit, bcp, business continuity planning, compliance, exam, examiner, FDIC, NCUA, Regulatory Compliance, vendor, Vendor Management

If I haven't already shared this with you, I'm a partner in a regulatory compliance advisory firm.  We offer services to the banking sector that pretty much cover the entirety of the information security spectrum.  And as you might imagine, there's a fair amount of sales and marketing that go...

