Regulatory Reality: risk
September 20, 2010 8:28 PM

Regulatory compliance management lacking common sense

Posted by: David Schneier
Tags: Audit, compliance, exam, examination, GLBA, HIPAA, NCUA, NERC, PCI, regulatory, Regulatory Compliance, risk, risk assessment, SOX

I stumbled upon an old nemesis of mine recently and the bad taste it left in my mouth continues to offend my senses. In an industry where there are standards that define how standards should be written and websites dedicated to dissecting each standard so that everyone can understand what the...

August 25, 2010 4:07 PM

Are you GLBA compliant and ready for year-end?

Posted by: David Schneier
Tags: Audit, business continuity, business continuity planning, compliance, FDIC, GLBA, NCUA, penetration test, penetration testing, regulatory, Regulatory Compliance, risk, risk assessment, Security, security awareness, social engineering, Vendor Management, vulnerability test

Summer at home officially ended this morning as my children returned to school. Beyond the fact that I consider it cruel and inhuman punishment to resume academic activities before Labor Day, it also serves as a wake-up call that we're well past mid-year on the traditional calendar and eying the...

August 16, 2010 2:43 PM

Data security risks in the new age of banking

Posted by: David Schneier
Tags: Audit, bank, banking, cloud, cloud computing, credit union, FDIC, GLBA, merger, NCUA, NPPI, PII, regulatory, Regulatory Compliance, risk, risk assessment

Earlier this month, I blogged about my concerns regarding a drop-off in information security oversight by banking regulators. In this age of safety and soundness first, everything else is second, if at all. It's more than a week later and I'm not feeling any better about things; as a matter of...

June 14, 2010 6:57 AM

An update on governance, risk and compliance

Posted by: David Schneier
Tags: Audit, compliance, governance, GRC, regulations, Regulatory Compliance, risk, risk assessment

I just had an article published in Information Security magazine on GRC titled "Demystifying governance, risk and compliance." It's a piece...

May 21, 2010 1:55 PM

The new Senate finance bill: not what I hoped for

Posted by: David Schneier
Tags: Audit, compliance, FDIC, OCC, Regulatory Compliance, risk, risk assessment, risk assessments, SEC

I'm an optimist: Ask anyone who knows me either personally or professionally and they'll agree. And I've been eagerly anticipating new legislation ever since the banks spiraled out of control and needed government intervention to save themselves. As my wife likes to tell people, when the...

May 10, 2010 4:59 AM

FDIC bank closure hits close to home

Posted by: David Schneier
Tags: compliance, FDIC, GLBA, governance, GRC, HIPAA, PCI, Regulatory Compliance, risk, risk assessment, SOX

In the past, I've made sometimes flip and irreverent comments about the weekly FDIC announcements that land in my inbox regarding bank closings. Despite the mind-numbing number of institutions that have been closed over the past year or so and the somewhat extensive list of institutions I've...

March 14, 2010 3:59 AM

Muddy waters: Governance, risk and compliance

Posted by: David Schneier
Tags: assessment, Audit, framework, GLBA, GRC, IT General Controls, ITGC, Regulatory Compliance, risk, risk management

I had an email exchange with a colleague last week in which GRC (governance, risk and compliance as a unified methodology) was central to the discussion. She felt that there's been a blurring of the lines in how people view GRC versus ERM (enterprise risk management) as disciplines and wanted to...

February 5, 2010 3:57 AM

How security aware is your organization?

Posted by: David Schneier
Tags: Audit, GLBA, information security, NCUA, phish, phishing, Regulatory Compliance, risk, risk assessment, Security, security testing, social engineering

Consider this post to be something of a (banking) community service announcement. It's February 2010, do you know when the last time was that your organization conducted a social engineering exercise? I come across instances almost all of the time where financial institutions have obvious...

January 15, 2010 6:05 AM

The best part of audit (yes, I mean audit)

Posted by: David Schneier
Tags: Audit, controls, evidence, GLBA, Regulatory Compliance, risk

A recent jobs survey released last week indicated that less than 50% of the work force is satisfied with their job. Me, I’m a lucky guy as I genuinely like what I do for a living. It’s funny in a way because over the first decade or so of my...

October 20, 2009 3:05 PM

Should bank examiners rely on audit and assessment reports?

Posted by: David Schneier
Tags: assessment, Audit, bcp, business continuity planning, disaster recovery, DR, GLBA, information security, IT, NCUA, Regulatory Compliance, risk, risk assessment, technology

A favorite cliché of mine is “if it wasn’t for the last minute nothing would ever get done.” Personally it’s sort of the way I’m wired and in my industry it’s an unwritten rule when it comes to many annual activities. There’s an...
