Late last year the New York State Department of Financial Services (DFS) announced that New York would be proposing a “first in the nation” rule on cyber-security to go into effect on March 1, 2017, which would impact any bank, insurance company and anyone else covered by DFS. The rule requires any regulated company to design a cybersecurity program that assesses its risks to ensure the safety and soundness of the cybersecurity protections in place, with the goal of providing further protection for its customers.
In addition to laying out broader requirements around staffing, training, and audit, etc., this regulation sets minimum standards for the design of a sound cybersecurity program that addresses several dimensions of prevention, identification, remediation and validation across several technology areas.
With the growing value of financial records to hackers, this rule was meant to protect consumer data and financial systems from nation states, terrorist organizations and other criminal enterprises. In fact, just this past week the US handed out its first ever indictments to Russian spies for the breach of Yahoo. This is why fast-growing companies like GrubHub and Melaleuca are hiring cybersecurity experts to ensure their customer records remain safe and untouchable. These companies complete thousands of financial transactions on a daily basis, so cybersecurity is a must.
This month, 23 NYCRR 500 went into effect and, while we can’t yet say how organizations are reacting or if they are ready, we can help to prepare you for when this “first in the nation” rule becomes an “expected standard of the nation”.
In order to help you prepare for meeting 23 NYCRR 500 regulations, we’ve put together an eBook to break down what you need to do to be compliant with several of the cyber-security sections. I’ve listed a few of the sections below, but you can download the full eBook here.
Section 500.03 is broadly labeled “Cybersecurity Policy” and outlines several different solutions or processes that you should include in your security plan in order to be compliant including:
Data governance is all about understanding and managing your critical information, even information that resides in documents, files and folders (unstructured) rather than organized in databases or applications (structured). Your employees are continuously creating new documents, folders, files, etc. on your servers, and you need a way to govern who has access to them. Managing this information manually is an option, and is often how it is done; however, modern cybersecurity teams are instituting automated solutions, which are more effective.
One option for automation is a Data Access Governance (DAG) solution. This is an auditing, compliance and governance framework for unstructured data and critical applications that provides comprehensive data collection, analysis, categorization and remediation workflows and reporting. These solutions are automated, scalable, and interoperable with your Identity and Access Management (IAM) and HR systems and secure your data by applying a consistent permissions model and enforcing least-privileged access control.