Red Flag Rules compliance strategies for the enterprise
SearchFinancialSecurity.com presents a comprehensive guide to Red Flag Rules compliance. Our experts cover all the angles with authoritative technical advice on: using a risk-based approach for compliance; specific examples of red flags; clarificatio... E-Book
-
Download presentations from Financial Information Security Decisions 2009
Download a number of the compelling presentations from the 2009 Financial Information Security Decisions conference. Conference supplement
-
Cloud computing technologies and financial services
Cloud computing offers cost savings but how does it fit into the highly regulated financial services industry? Article | 02 Dec 2010
-
Data security implications of financial services regulatory reform
Industry experts weigh in on the possible ramifications of the sweeping legislation on information security and compliance professionals. Article | 29 Jul 2010
-
Firewall audit tools aid compliance
Enterprises are turning to firewall audit tools to automate the process of analyzing firewall rules and meet compliance requirements. Article | 25 Feb 2010
-
Rethinking compliance audit software
After nearly a decade of railing against software as a solution to address the challenges of regulatory/industry compliance, David Schneier says he's being forced to reconsider his position. News | 23 Feb 2010
-
IT audit reports: Why you can't handle the truth
A recent news story illustrates how some organizations try to deflect IT audits that are critical by questioning their quality. News | 15 Feb 2010
-
2009: A shift in corporate attitude towards regulatory compliance
Financial institutions have often viewed the information security required by regulatory compliance as an obligation without inherent value. In 2009, financials demonstrated true interest in meeting security requirements, writes David Schneier. News | 29 Dec 2009
-
Audit requirements drive demand for privileged account management
SOX compliance requirements and data security concerns are accelerating growth of the privileged account management market Article | 21 Aug 2009
-
Regulatory reform will require much work ahead
Financial security pros will need to step it up in light of President Obama's plan to overhaul the financial regulatory system, David Schneier writes. News | 22 Jun 2009
-
Two conversations about risk assessment
A couple of discussions illustrate how security professionals can have radically different understandings of risk assessment, David Schneier writes. News | 12 Jun 2009
-
Federal examiners need to pay more attention to IT risks
FDIC and NCUA examiners don't pay enough attention to IT-based risks, argues David Schneier. News | 20 May 2009
-
Seven considerations when evaluating automated GRC tools
Automated tools can help ease the compliance burden, but financial services firms must first weigh their needs. In this tip, David Strom looks at the top considerations when looking into buying a GRC tool. Tip
-
Vendor audit and monitoring contractual rights
Federal regulations, state laws and industry standards all stress the need for financial institutions to audit and monitor third-party security as part of their vendor risk assessment. Consequently, third-party contracts must include vendor auditing ... Tip
-
Proper preparation necessary for successful penetration test
Penetration testing can be a valuable tool for financial firms. Without proper preparations for penetration testing, however, the tool is rendered useless. In this tip, learn some important steps that financial firms should keep in mind for a success... Tip
-
Establishing a practical routine for reviewing security logs
In this tip, security expert Lenny Zeltser shares the joy that comes with correlating seemingly unrelated events, and offers helpful hints to make your log-reviewing efforts a success every time. Tip
-
FDIC guidance: Third party security risks are manageable
FDIC guidance helps financial services firms effectively establish third-party security policies and manage third-party risk. Tip
-
Outsourcing compliance strategies
The strain that compliance efforts can put on resources at financial services has led to an increase in compliance outsourcing. Expert Michael Rasmussen lays out strategies financial firms should (and shouldn't) do when outsourcing their compliance-r... Tip
-
Protecting third party processes on all levels
Financial firms have numerous third party partnerships, but these partnerships come with security risks. Compliance expert Richard Mackey explains how to assess the risk and ensure your partnerships are secure. Tip
-
Outlining governance frameworks
Every financial services firm must have a governance framework in place. The good news is there are a number of options when picking one. This tip will outline the frameworks available and what every financial firm should consider when making the c... Tip
-
GRC software alleviates audit process for financial firms
Financial firms of all sizes face challenges with collecting data for auditors. GRC software can help automate the process, but as Mike Rothman explains, it's not for everyone. Tip
-
Maintaining compliance in a world of constant change
Robert Childs examines four steps information security practitioners can take to ensure that their compliance efforts are maintained and kept up-to-date. Tip
-
Federal Information Security Management Act (FISMA)
The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. Definition
-
Big 4 (Final 4)
The Big 4, also known as the Final 4, are the four largest international accounting and professional services firms. Definition
-
Dodd-Frank Act
The Dodd-Frank Act (fully known as the Dodd-Frank Wall Street Reform and Consumer Protection Act) is a federal law that places regulation of the financial industry in the hands of the government. Definition
-
international financial reporting standards (IFRS)
International financial reporting standards (IFRS) are specific organizational and monetary standards and frameworks for financial reporting that have been adopted in 113 countries including India, Australia and the European Union. Definition
-
National Automated Clearing House Association (NACHA)
The National Automated Clearing House Association (NACHA) is a not-for-profit trade association that develops operating rules and business practices for the nationwide network of automated clearing houses (ACHs) and for other areas of electronic paym... Definition
-
Common Vulnerabilities and Exposures (CVE)
Common Vulnerabilities and Exposures (CVE) is a list of standard terms referring to security-related threats... (Continued) Definition
About Auditing, testing and assessment for financial services compliance
Audit, testing and assessment can be a source of major frustration and expense for many IT departments. Find resources on auditing, testing and assessment for financial services compliance including third-party and self-assessment advice and audit preparation help.