As cyberattacks have increased over the past months and years, many regulated industries have begun to require compliance with various industry-accepted standards in an effort to identify risk and provide guidance on best-practice security controls. One such industry is financial services, which is attempting to keep pace with ongoing attacks that threaten business operations as well as the personal information of customers. To that end, the New York Department of Financial Services (DFS) has released the 23 NYCRR 500 Cybersecurity Regulation for all entities covered under the DFS. This requirement aims to guide entities in developing a cybersecurity program, and makes an attempt at “not being overly prescriptive so that cybersecurity programs can match the relevant risks and keep pace with technological advances.” Key areas of focus include performing risk assessments specific to an institution’s assets and environment, developing a cybersecurity program to help defend against attacks, and identifying individuals within the organization who are qualified to provide ongoing guidance of this program at the CISO level. Specific parts that the program should include are:
- Cybersecurity policies
- Defining a CISO
- Ongoing risk assessments
- Ongoing penetration testing and vulnerability assessments
- Log monitoring and alerting
- Access controls
- Third-party service provider oversight
- Multi-factor authentication
- Awareness training
- Secure data storage and transmission
- Incident response plan
The DFS 23 NYCRR Part 500 has been in effect since March 31, 2017 and, unless exempted, will require all DFS-covered entities to become compliant on August 28, 2017. Understanding full compliance can take time for many institutions. Covered entities will have until February 15, 2018 to self-certify that all requirements have been met. nGuard realizes many financial institutions often do not have the ability or time to identify true risk, or implement even minimal controls, without help. As such, our team can provide the qualified and expert security resources that will help any institution meet compliance under the new DFS Cybersecurity Regulation. Call and speak to one of nGuard’s experts today.
About nGuard Corporation
nGuard is a leading provider of expert security assessments, managed security services, security incident response, and other advanced security services to organizations across North America & around the world. nGuard’s relentless focus on securing clients, as well as their unmatched security expertise, has helped them become one of the most sought-after security firms in North America.