Regulatory Reality:

Regulatory Compliance


December 11, 2009  5:29 AM

Security threats: Old news isn’t good news



Posted by: David Schneier
Audit, compliance, cyber security, Regulatory Compliance, Security, threats

I just finished reading through the most recent report from Verizon Business, which offers a deeper dive into the most common security breaches identified during 2008 and quite frankly, I’m concerned.  Turns out that there’s very little new to worry about beyond what we...

December 1, 2009  1:49 AM

Bank Checks: the final frontier?



Posted by: David Schneier
bank, banking, checking account, credit card, FDIC, identity theft, online fraud, PCI, PII, Regulatory Compliance, routing number, social security numbers

I want to play a game with you, sort of like the compliance equivalent of the Rorschach inkblot test. I’m going to throw out a phrase and I want you to write down the first acronym that comes to mind.

Ready? Here we...


November 12, 2009  1:44 PM

Information security officers are a must



Posted by: David Schneier
Audit, business continuity planning, CISO, compliance, GLBA, information security, information security office, ISO, Regulatory Compliance, Vendor Management

I was talking with a client last week about a perceived gap in their organization.  Despite having to address multiple regulations cutting across several oversight bodies, they were lacking a single point of contact or central coordinator for all information security related activities.  Their...


October 29, 2009  5:23 PM

Regulatory compliance bits and bytes



Posted by: David Schneier
assessments, audits, bcp, business continuity planning, disaster recovery, DR, FDIC, general controls, GLBA, NCUA, NCUA Sheila Bair, Pandemic Planning, password, policy, procedure, Regulatory Compliance, risk assessments, SOX

Many years ago I found myself in one of those awkward moments where I needed to pay for something but didn’t have enough cash on hand to cover the bill. Rather than do the smart thing and find an ATM I instead elected to rip through my car and dig up all of the...


October 20, 2009  3:05 PM

Should bank examiners rely on audit and assessment reports?



Posted by: David Schneier
assessment, Audit, bcp, business continuity planning, disaster recovery, DR, GLBA, information security, IT, NCUA, Regulatory Compliance, risk, risk assessment, technology

A favorite cliché of mine is “if it wasn’t for the last minute nothing would ever get done.” Personally it’s sort of the way I’m wired and in my industry it’s an unwritten rule when it comes to many annual activities. There’s an...


October 8, 2009  8:33 PM

The COBIT framework isn’t an audit solution



Posted by: David Schneier
Audit, COBIT, GLBA, ISACA, ITGI, NCUA, Regulatory Compliance, risk, risk assessment, Risk IT, SOX, Val IT

I have an associate who has an addiction to certifications. He’s one of those “too smart for his own good” geniuses who often decides to change his career course and starts by obtaining whatever accreditation or cert is needed to do so....


September 30, 2009  7:34 PM

Accountability key to banking recovery



Posted by: David Schneier
Audit, bank, banking, compliance, credit union, CU, DIF, FDIC, GLBA, NCUA, Regulatory Compliance

Every day, I receive a semi-deluge of industry related emails.  Between the various agencies, media sites, organizations and associations I tend to receive more communiqués than I know what to do with.  But I developed an interesting habit last year when the banking...


September 16, 2009  9:02 PM

Can the economy rebound without the banks?



Posted by: David Schneier
Audit, bank, compliance, credit, GLBA, NCUA, real estate, Regulatory Compliance

I had one of those odd moments yesterday regarding the banking industry that I wanted to share with you.

On the homepage of a major news website were two headline stories. The first was about how Ben Bernanke believes the recession we’re...


September 10, 2009  4:16 AM

Test what makes sense, not headlines



Posted by: David Schneier
assessment, Audit, phishing, Regulatory Compliance, social engineering

The recent news about a social engineering exercise gone awry serves as a lesson on how not to conduct these kinds of tests. An information security firm had sent a credit union NCUA-branded media to install in order to test if the employees would react...


September 1, 2009  3:29 PM

IT audits versus reviews



Posted by: David Schneier
Audit, compliance, general controls, GLBA, governance, GRC, IT, ITGC, NCUA, Regulatory Compliance, risk, risk assessment

I had mentioned in my last post a recent conversation with my partner regarding a proposed IT general controls (ITGC) audit. My primary role in our practice is to head up regulatory compliance services which includes audits, assessments and program development; my...
