Are YOU prepared for the New York State Cybersecurity Regulations that are in effect since March 1, 2017? All financial institutions under the Department of Financial Services (NYDFS) jurisdiction, even those whose headquarters are not based in New York, must comply with these new rules and regulations and we’re here to help. If you are a banking, insurance or brokerage firm that uses a license to operate in New York, you are required to comply (with some exceptions).
Deadlines for New York State Cybersecurity Regulations:
Below are the upcoming deadlines starting March 1st. Don’t jeopardize your institution by waiting too long!
- Six months – IT security program and policies (500.02 & 500.03), access privileges (500.07), qualified cybersecurity personnel (500.10), and incident response plans (500.16).
- One year – CISO reporting to the board of directors (500.04(b)), penetration testing and vulnerability assessments (500.05), risk assessments (500.09), multi-factor authentication (500.12), and cybersecurity awareness training (500.14(b)).
- 18 months – Audit trails (500.06), application security (500.08), data retention (500.13), policies and procedures to monitor the activity of authorized users (500.14(a)), and encryption (500.15).
- Two years – Third party service provider security policy (500.11).
It looks overwhelming but it doesn't have to be. 24By7Security, Inc. can provide the required services needed to comply with the new requirements and with a brief conversation with our compliance specialist, your search for help can be over!
For more information about this new law, please visit: http://ow.ly/J10o309dmXW (Or just Google NYDFS Cybersecurity Regulations)
We offer a full range of services that will help you get compliant with the New York State Cybersecurity Regulations. Here is an abbreviated list of Cyber/IT Security services we offer (more can be found on our website home page):
- Assessments – FFIEC Cybersecurity Assessment Tool, GLBA, IT Operational Assessments
- Vulnerability Assessment – Internal, External, Web Application penetration testing
- Policy & Procedure – Review, Development, and Revisions
- Incident Response – Policy, Procedures, Runbook, Simulation
- Third-Party Risk Program – Policy, Procedures, Risk Assessment, Annual Survey
- CISO as a Service – On a part-time basis depending on the size of the institution
Contact us at (844) 55-CYBER at ext. 709 or ext. 707 today or send us an email at contact@24By7Security.com
By Chris Spaeth
(844) 55-CYBER, ext. 709