Regulatory Reality:

Regulatory Compliance

August 18, 2009  8:05 PM

Is perspective on our regulatory landscape a blessing or a curse?

Posted by: David Schneier
Audit, FDIC, GLBA, PCI, regulatory, Regulatory Compliance, SOX

I was away from the office last week trying to squeeze in a family vacation before the kids head back to school. Despite taking the occasional phone call and replying to a number of emails, there was still plenty waiting for me today when I returned to my normal...

August 8, 2009  3:31 AM

How to combat the insider threat

Posted by: David Schneier
assessment, Audit, breach, insider threat, Regulatory Compliance, risk assessment, Security

I was reading an article last week about how there’s been a recent increase in the number of reported security breaches caused by internal resources.  The insider threat is not a new one as corporate espionage is as old as civilization but it certainly is getting more...


July 27, 2009  8:56 PM

Let the FDIC lead the way!

Posted by: David Schneier
banking, compliance, FDIC, regulations, Regulatory Compliance

I can’t think of any more telling comment about where I am in my professional life than what I’m about to offer:

Sheila Bair rocks!

If you don’t know who she is, well, shame on you.  Because...


July 17, 2009  1:58 PM

Does compliance equate to secure?

Posted by: David Schneier
Audit, compliance, cyber security, FFIEC, GLBA, PCI, regulations, Regulatory Compliance, Security, SOX

Despite earning a living in the space, I often question the value of regulatory compliance.

How is it that a business can be PCI-compliant but still have glaring vulnerabilities?  How is it that despite layer upon layer of controls...


July 8, 2009  3:45 PM

How’s about a federally mandated Information Security Assessment?

Posted by: David Schneier
Audit, compliance, cyber security, FERC cyber security, GLBA, NERC, Regulatory Compliance, SOX

I had a eureka moment recently that I’d like to share.

In considering the implications of the recently announced changes by MasterCard that will now require PCI Level 2 merchants to be assessed by a Qualified Security Assessor (QSA) it occurred to me...


July 2, 2009  2:53 AM

2 for 1 sale: How governance leads to compliance.

Posted by: David Schneier
Audit, compliance, GLBA, governance, GRC, PCI, Regulatory Compliance, SOX

A while back I’d written about the Unified Compliance Framework from Network Frontiers, which takes quite literally every regulation and framework within the IT domain and maps them in such a way where you can identify how a single control addresses multiple requirements. In...


June 22, 2009  3:46 PM

Financial regulations and my crystal ball.

Posted by: David Schneier
Audit, compliance, GLBA, obama, OTS, PCI, Regulatory Compliance, SOX

I had a great piece lined up for this week about a governance project I’m working on but was waylaid by all the news that hit the radar around regulatory reform.

In what may be the understatement of the year, the plans revealed last week by President...


June 12, 2009  8:49 PM

Risk is at the heart of what matters most.

Posted by: David Schneier
assessment, Audit, compliance, GLBA, PCI, Regulatory Compliance, risk, risk assessment

I had two great conversations this week regarding risk assessments (jeez, does that ever sound geeky). The first conversation centered on what an associate was expecting to accomplish via the risk assessment process and the second one was a general conversation about the proper approach to...


June 4, 2009  8:26 PM

Why financial institutions might want to keep an eye on the energy industry.

Posted by: David Schneier
CIP, FERC cyber security, NERC, PCI, Regulatory Compliance

Through an odd turn of events over the past few months I’ve found myself actively engaged with a group that’s focusing quite a bit of effort on NERC CIP. For those of you not in the know, NERC (North American Electric Reliability Corporation) is to the energy...


May 29, 2009  2:44 AM

Information security pros (and cons).

Posted by: David Schneier
encryption, NPPI, PCI, Regulatory Compliance, Security, SOX

Ever since I first started blogging I’ve worried that there would be weeks when I would simply draw a blank when it came to finding a topic worthy of the audience's time and attention. While I may have hit the occasional bump in the road with posts that weren’t...
