Regulatory Reality:

Security


March 25, 2011  2:48 PM

A Hard Lesson Learned in Japan’s Disaster



Posted by: David Schneier
business continuity, business continuity plan, business continuity planning, disaster, disaster recovery, FFIEC, GLBA, NCUA, regulations, regulatory, Regulatory Compliance, Security

There will be no shortage of industry articles and analysis that will emerge from the horrific events in Japan over these past few weeks, that's for certain.  This is arguably the most significant event to hit a major regional economy since World War II and it's important to learn as many lessons...

March 15, 2011  9:58 PM

Is your examiner a friend or foe?



Posted by: David Schneier
Audit, bank, banking, compliance, credit union, CU, exam, examiner, FDIC, GLBA, NCUA, OCC, oversight, regulations, regulatory, Regulatory Compliance

I was catching up on my industry emails the other day and buried in my FDIC email folder was Financial Institution Letter FIL-13-2011, sent out on March 1st. Truthfully I usually pay close attention to their Friday afternoon blasts regarding bank closings and only skim the rest. But this one...


March 8, 2011  4:58 PM

Does GRC scale to size?



Posted by: David Schneier
assessment, Audit, bank, banking, compliance, credit union, CU, exam, examination, examiner, exams, governance, GRC, regulation, regulatory, Regulatory Compliance, risk, risk assessment

We were having an internal conversation this past week about governance, risk, and compliance (GRC) and I was asked about its role in the small and...

Bookmark and Share     0 Comments     RSS Feed     Email a friend


February 27, 2011  7:31 PM

Does an IT auditor need to be CISA certified?



Posted by: David Schneier
assessment, Audit, audit plan, audit program, CISA, CISSP, regulations, Regulatory Compliance, risk, risk management

It's been a while since my last post as I'm in hunker-down mode as we prepare our next compliance software offering for release.  But in the midst of my coding/testing insanity, a conversation occurred that brought up the value of certifications that I haven't been able to completely let go...


February 10, 2011  4:07 PM

Should banks and social networking coincide?



Posted by: David Schneier
bank, banks, credit union, credit unions, email, Facebook, FDIC, LinkedIn, NCUA, regulations, regulatory, Regulatory Compliance, social network, social networking, tweet, tweeting, Twitter, web

A few weeks back my wife asked me, as a favor, if I could join one of Facebook's community-based games because the more "neighbors" you have, the easier it is to succeed and so I did. Truthfully it was a rare moment of weakness for me because I tend to avoid those sort of things as if it were the...


January 29, 2011  1:34 AM

Regulatory compliance is not easy



Posted by: David Schneier
assessment, Audit, bcp, business continuity plan, disaster recovery, DR, FDIC, GLBA, NCUA, regulations, regulatory, Regulatory Compliance

Something happened within our practice this past week that made me recall a story from the very beginning of my audit and compliance career. Way back in 1998 when I was first transitioning from being an application developer/manager to a compliance/audit professional, my first long term engagement...


January 17, 2011  1:55 PM

Is the U.S. banking crisis over?



Posted by: David Schneier
bank closing, bank closings, banking, banking crisis, compliance, FDIC, FFIEC, foreclosure, GLBA, NCUA, regulatory, Regulatory Compliance

As my professional mind started winding down this evening in anticipation of the weekend, my thoughts started drifting towards yard work and time with the family. Then my Droid started chirping it's little sing-song of alerts as a round of emails hit my inbox and I was brought back to reality for a...


January 8, 2011  5:41 PM

New year advice on developing a business continuity plan



Posted by: David Schneier
Audit, bcp, BIA, business continuity plan, business impact analysis, exam, examiners, FFIEC, GLBA, regulatory, Regulatory Compliance, risk, risk assessment

One of the first things I had to work on this week (and thus one of the first things to work on in the new year) was finalizing a report from last year. The report covered the results of a Business Continuity Plan desktop test and the client needed some clarifications around the results. I've...


December 28, 2010  8:55 PM

Risk versus reward: Data warehouses and the cloud



Posted by: David Schneier
assessment, Audit, cloud, cloud computing, data security, data warehouse, GLBA, PCI, regulatory, Regulatory Compliance, SOX

It's a popular time of the year for people like myself who publish any form of content to either reflect on the year that was or make predictions on the year that's to be. Confidentially those are typically easy pieces to write and I'm generally happy to take advantage of such opportunities....


December 10, 2010  6:45 PM

Year-end begets regulatory compliance audit panic



Posted by: David Schneier
assessment, Audit, FFIEC, GLBA, PCI, red flags, red flags identity theft, regulatory, Regulatory Compliance, Security, security awareness, SOX

Sometime back in August I blogged about addressing outstanding compliance tasks before the year's end. We see it every year in my practice: Compliance  and security folks wake up sometime right around now in a bit of a panic and realize that they're about to miss hitting on certain key regulatory...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: