Regulatory Reality: SOX

October 8, 2009  8:33 PM

The COBIT framework isn’t an audit solution



Posted by: David Schneier
Audit, COBIT, GLBA, ISACA, ITGI, NCUA, Regulatory Compliance, risk, risk assessment, Risk IT, SOX, Val IT

I have an associate who has an addiction to certifications. He’s one of those “too smart for his own good” geniuses who often decides to change his career course and starts by obtaining whatever accreditation or cert is needed to do so....

August 18, 2009  8:05 PM

Is perspective on our regulatory landscape a blessing or a curse?



Posted by: David Schneier
Audit, FDIC, GLBA, PCI, regulatory, Regulatory Compliance, SOX

I was away from the office last week trying to squeeze in a family vacation before the kids head back to school. Despite taking the occasional phone call and replying to a number of emails, there was still plenty waiting for me today when I returned to my normal...


July 17, 2009  1:58 PM

Does compliance equate to secure?



Posted by: David Schneier
Audit, compliance, cyber security, FFIEC, GLBA, PCI, regulations, Regulatory Compliance, Security, SOX

Despite earning a living in the space, I often question the value of regulatory compliance.

How is it that a business can be PCI-compliant but still have glaring vulnerabilities? How is it that despite layer upon layer of controls...


July 8, 2009  3:45 PM

How’s about a federally mandated Information Security Assessment?



Posted by: David Schneier
Audit, compliance, cyber security, FERC cyber security, GLBA, NERC, Regulatory Compliance, SOX

I had a eureka moment recently that I’d like to share.

In considering the implications of the recently announced changes by MasterCard that will now require PCI Level 2 merchants to be assessed by a Qualified Security Assessor (QSA) it occurred to me...


July 2, 2009  2:53 AM

2 for 1 sale: How governance leads to compliance.



Posted by: David Schneier
Audit, compliance, GLBA, governance, GRC, PCI, Regulatory Compliance, SOX

A while back I’d written about the Unified Compliance Framework from Network Frontiers, which takes quite literally every regulation and framework within the IT domain and maps them in such a way where you can identify how a single control addresses multiple requirements. In...


June 22, 2009  3:46 PM

Financial regulations and my crystal ball.



Posted by: David Schneier
Audit, compliance, GLBA, obama, OTS, PCI, Regulatory Compliance, SOX

I had a great piece lined up for this week about a governance project I’m working on but was waylaid by all the news that hit the radar around regulatory reform.

In what may be the understatement of the year, the plans revealed last week by President...


May 29, 2009  2:44 AM

Information security pros (and cons).



Posted by: David Schneier
encryption, NPPI, PCI, Regulatory Compliance, Security, SOX

Ever since I first started blogging I’ve worried that there would be weeks when I would simply draw a blank when it came to finding a topic worthy of the audience's time and attention. While I may have hit the occasional bump in the road with posts that weren’t...


April 2, 2009  4:21 PM

Keep an eye on Shared Assessments.



Posted by: David Schneier
Audit, GLBA, Regulatory Compliance, SOX, Vendor Management

About thirty seconds after I posted my last blog an item on the


March 30, 2009  6:55 PM

Why do you need policies and procedures? I’ll tell you why.



Posted by: David Schneier
Audit, GLBA, HIPAA, PCI, Regulatory Compliance, SOX

I once heard a parent say that they wished they had a dollar for every time their teen-aged child rolled their eyes at them. I'm a parent so I get it. But what I really wish for is to have a dollar for every time a client rolls their eyes at me when I tell them they need to have all their...

