November 18, 2011 12:22 PM
Posted by: David Schneier
assessment, Audit, compliance, FDIC, Federal Reserve Bank, FRB, GLBA, NCUA, OCC, OTC, regulations, regulatory, Regulatory Compliance, risk, risk assessment, vendor, Vendor Management, vendor risk, vendor risk rating

I don't think I'm due to post about vendor management again at least until January 2012 (I try to limit topics to twice a year) but I've had something kicking around my head for a few days now and it needs a proper vetting.
Does anyone know why vendor management is such a big issue for banking...
November 11, 2011 7:41 PM
Posted by: David Schneier
assessment, Audit, compliance, GLBA, hack, hacker, NCUA, phish, phishing, red flags, red flags identity theft, regulatory, Regulatory Compliance, scam, smish, smishing, vish, vishing

This is something akin to my annual public service announcement (PSA) for anyone who has cash-on-hand, a bank account, an investment account or perhaps even a piggy bank: As long as you have money there's someone out there right now scheming to try and take it away from you.
I'm having that...
October 26, 2011 8:36 PM
Posted by: David Schneier
assessment, bcp, business continuity plan, GLBA, NCUA, NCUA Part 748, regulations audit, regulatory, Regulatory Compliance, risk, risk assessment, Vendor Management

I remember conducting a risk assessment a few years back for a credit union in which they were missing just about every artifact necessary to prove compliance with NCUA Part 748 (if you're not already aware, that's GLBA for credit unions). It was, for lack of a better term, a...
October 13, 2011 10:42 PM
Posted by: David Schneier
compliance, Facebook, identify theft, LinkedIn, NPPI, PCI, PII, privacy, regulatory, Regulatory Compliance, Security

I just came to find out that I’m old. It was somewhat sudden and sort of unexpected as I’m not quite halfway to one hundred and have fooled myself into thinking that old doesn’t roll in until somewhere beyond sixty. But apparently one person's middle-aged...
October 3, 2011 10:39 PM
Posted by: David Schneier
bcp, business continuity, business continuity plan, compliance, Dodd-Frank, FDIC, GLBA, NCUA, regulations, regulatory, Regulatory Compliance, too big too fail

Ever since Dodd-Frank legislation first started rolling down the turnpike towards the banking industry I've been reading and listening to all manner of rhetoric about how none of it's going to solve any problems, that it's going to impede the business of banking and force money to be deposited and...
September 14, 2011 6:27 AM
Posted by: David Schneier
assessment, Audit, bcp, business, business continuity, business continuity planning, compliance, disaster recovery, DR, GLBA, NCUA, regulation, regulatory, Regulatory Compliance, risk, risk assessment, vendor, Vendor Management

One of the oddities of my career is how some issues present themselves in a wide range of my clients despite the fact that there's often no meaningful way to compare them in size. Some have a single compliance person who is part Compliance Officer and part Information Security Officer and some...
August 28, 2011 3:17 PM
Posted by: David Schneier
Audit, auditor, bcp, business continuity, business continuity plan, compliance, disaster, disaster recovery, DR, exam, examiner, GLBA, NCUA, regulations, regulatory, Regulatory Compliance

I'm violating my own standards by using such an easy topic to blog about but it's too big to ignore. With the increasing insanity being inspired by 2011's first true hurricane I'd be remiss if I didn't at least explore the impact this is going to have on the business community.
I just heard...
August 15, 2011 8:45 PM
Posted by: David Schneier
cdo, compliance, foreclosure, NCUA, regulations, regulatory, Regulatory Compliance

I had the good fortune to rediscover a recent favorite book while driving to a client engagement last week. It was the audio version of Michael Lewis’s “The Big Short”. I had first listened to it last year and thought at the time it was about as good a...
August 3, 2011 6:16 PM
Posted by: David Schneier
compliance, GLBA, NCUA, NPPI, PII, regulatory, Regulatory Compliance, Security, security awareness

When I first started blogging professionally a colleague of mine cautioned that I should avoid posting anything where a client might recognize themselves in any story or example I might relate, good or bad. And so in the years since I've gone to sometimes great length to anonymize my content to...