September 14, 2011 6:27 AM
Posted by: David Schneier
assessment,
Audit,
bcp,
business,
business continuity,
business continuity planning,
compliance,
disaster recovery,
DR,
GLBA,
NCUA,
regulation,
regulatory,
Regulatory Compliance,
risk,
risk assessment,
vendor,
Vendor Management
One of the oddities of my career is how some issues present themselves in a wide range of my clients despite the fact that there's often no meaningful way to compare them in size. Some have a single compliance person who is part Compliance Officer and part Information Security Officer and some...
May 20, 2011 3:29 AM
Posted by: David Schneier
compliance,
FFIEC,
GLBA,
regulation,
regulations,
regulatory,
Regulatory Compliance,
risk,
risk assessment,
risk-based
Years ago I added an addition to my first house. After my second child arrived, we had simply run out of room and decided it was easier to expand our current living space rather than trying to find a bigger one. Plans were drawn up, work scheduled and money deposited. Two days before the first...
March 8, 2011 4:58 PM
Posted by: David Schneier
assessment,
Audit,
bank,
banking,
compliance,
credit union,
CU,
exam,
examination,
examiner,
exams,
governance,
GRC,
regulation,
regulatory,
Regulatory Compliance,
risk,
risk assessment
We were having an internal conversation this past week about governance, risk, and compliance (GRC) and I was asked about its role in the small and...
January 8, 2011 5:41 PM
Posted by: David Schneier
Audit,
bcp,
BIA,
business continuity plan,
business impact analysis,
exam,
examiners,
FFIEC,
GLBA,
regulatory,
Regulatory Compliance,
risk,
risk assessment
One of the first things I had to work on this week (and thus one of the first things to work on in the new year) was finalizing a report from last year. The report covered the results of a Business Continuity Plan desktop test and the client needed some clarifications around the results.
I've...
November 16, 2010 6:07 PM
Posted by: David Schneier
Audit,
bcp,
compliance,
general controls,
GLBA,
NCUA,
regulatory,
Regulatory Compliance,
risk,
risk assessment,
Security
My practice recently wrapped up an engagement in which we conducted a tabletop test of a client's business continuity plan. As always with such exercises, it's interesting to find out how much distance exists between what's documented in an institution's policy/program and how business is...
November 2, 2010 2:33 PM
Posted by: David Schneier
assessment,
Audit,
controls,
GLBA,
NCUA,
regulatory,
Regulatory Compliance,
risk assessment
I was in the midst of writing my weekly blog post focusing on threadbare thin compliance efforts when I was distracted by news of a potential terrorist incident. As you likely know by now, it appears that Al-Qaeda was either attempting to send explosive devices onto airplanes or was conducting a...
September 20, 2010 8:28 PM
Posted by: David Schneier
Audit,
compliance,
exam,
examination,
GLBA,
HIPAA,
NCUA,
NERC,
PCI,
regulatory,
Regulatory Compliance,
risk,
risk assessment,
SOX
I stumbled upon an old nemesis of mine recently and the bad taste it left in my mouth continues to offend my senses.
In an industry where there are standards that define how standards should be written and websites dedicated to dissecting each standard so that everyone can understand what the...
August 25, 2010 4:07 PM
Posted by: David Schneier
Audit,
business continuity,
business continuity planning,
compliance,
FDIC,
GLBA,
NCUA,
penetration test,
penetration testing,
regulatory,
Regulatory Compliance,
risk,
risk assessment,
Security,
security awareness,
social engineering,
Vendor Management,
vulnerability test
Summer at home officially ended this morning as my children returned to school. Beyond the fact that I consider it cruel and inhuman punishment to resume academic activities before Labor Day, it also serves as a wake-up call that we're well past mid-year on the traditional calendar and eying the...
August 16, 2010 2:43 PM
Posted by: David Schneier
Audit,
bank,
banking,
cloud,
cloud computing,
credit union,
FDIC,
GLBA,
merger,
NCUA,
NPPI,
PII,
regulatory,
Regulatory Compliance,
risk,
risk assessment
Earlier this month, I blogged about my concerns regarding a drop-off in information security oversight by banking regulators. In this age of safety and soundness first, everything else is second, if at all. It's more than a week later and I'm not feeling any better about things; as a matter of...