Regulatory Reality:

Regulatory Compliance


April 8, 2010  2:24 PM

Online identity theft: One victim’s story



Posted by: David Schneier
cyber security, id theft, information security, password, password theft, phish, phishing, Regulatory Compliance, scam, Security, security awareness

Last month I blogged about a phishing attempt that landed in my inbox. The email account belonged to someone named Rebecca Keen, whom I had never heard of before (or so I believed at the time). As I was finishing writing that post, I received a follow-up email from the same person indicating...

March 22, 2010  3:20 PM

Information security awareness begins at home



Posted by: David Schneier
ATM, Facebook, hack, hacker, information security, LinkedIn, Regulatory Compliance, Security, security awareness, social network

Sometimes the best blog ideas just fall into my lap. I was greeted by this status the other day on Facebook:  "



March 14, 2010  3:59 AM

Muddy waters: Governance, risk and compliance



Posted by: David Schneier
assessment, Audit, framework, GLBA, GRC, IT General Controls, ITGC, Regulatory Compliance, risk, risk management

I had an email exchange with a colleague last week in which GRC (governance, risk and compliance as a unified methodology) was central to the discussion. She felt that there's been a blurring of the lines in how people view GRC versus ERM (enterprise risk management) as disciplines and wanted to...


March 2, 2010  8:18 PM

Something smells phishy



Posted by: David Schneier
email, fraud, GLBA, phish, phishing, Regulatory Compliance, scam, scammer, Security, spam, theft

I received an email from Rebecca Keen this morning asking for help. You see, Rebecca took an unexpected trip to the UK and while there lost her wallet and all of her financial resources and was hoping I could help. She asked if I could float her a temporary loan of $1,540 so she could settle...


February 23, 2010  4:17 AM

Rethinking compliance software



Posted by: David Schneier
Audit, bcp, disaster recovery, GLBA, PCI, Regulatory Compliance, risk assessment, SOX, Vendor Management

Here's me about to eat crow. After nearly a decade of railing against software as a solution to address the challenges of regulatory/industry compliance, I'm being forced to reconsider my position. I've long advocated that an institution or organization could just as easily develop manual...


February 12, 2010  11:38 PM

IT audit reports: Why you can’t handle the truth



Posted by: David Schneier
Audit, corruption, fraud, GLBA, Information Technology General Controls, infrastructure, IT, IT General Controls, ITGC, NCUA, Regulatory Compliance

I was reading the local newspaper this morning and was surprised to find a front page story ripped from the headlines of my professional life (ironic, I know). Right there on the front page of today's News and Observer was a story about how a recent audit claimed corruption at a local college...


February 5, 2010  3:57 AM

How security aware is your organization?



Posted by: David Schneier
Audit, GLBA, information security, NCUA, phish, phishing, Regulatory Compliance, risk, risk assessment, Security, security testing, social engineering

Consider this post to be something of a (banking) community service announcement. It's February 2010; do you know when the last time was that your organization conducted a social engineering exercise? I come across instances almost all of the time where financial institutions have obvious...


January 27, 2010  12:13 AM

Banking regulatory reform is a comin’



Posted by: David Schneier
bank, banking, Basel, FDIC, FFIEC, GLBA, NCUA, Regulatory Compliance

I was scanning through emails the other day and almost missed a good one. It was from the FDIC on Friday, January 22. As we’ve all come to know, Friday is the FDIC’s equivalent of “bring out the dead day” when they almost always announce the...


January 15, 2010  6:05 AM

The best part of audit (yes, I mean audit)



Posted by: David Schneier
Audit, controls, evidence, GLBA, Regulatory Compliance, risk

A recent jobs survey released last week indicated that less than 50% of the work force is satisfied with their job. Me, I’m a lucky guy as I genuinely like what I do for a living. It’s funny in a way because over the first decade or so of my...


December 29, 2009  5:30 PM

Was 2009 the year regulatory compliance became a good thing?



Posted by: David Schneier
Audit, business continuity planning, GLBA, information security, IT General Controls, red flags, red flags identity theft, Regulatory Compliance, Vendor Management

When I sat down to write my last blog post for 2009, I was planning to write either about my predictions for 2010 or a retrospective of 2009. But that’s just so clichéd; everyone does that or tries to. And as I’d written in a recent post about...

