.png)
CAN YOU PASS A CYBERSECURITY AUDIT?
We can help. All financial services entities (banks, insurance companies and agents, financial services, etc.) that are regulated, licensed, or supervised by the New York State Department of Financial Services (NYS DFS) are required to comply with new mandatory cybersecurity requirements in New York’s Cyber- security Regulation: 23 NYCRR Part 500.
Here are the basic requirements:
-
Maintain a Cybersecurity Program
-
Implement Written Cybersecurity Policies
-
Designate a CISO (Chief Information Security Officer)
-
Perform Penetration Testing & Vulnerability Assessments
-
Maintain Systems for Audit Trails
-
Control & Manage Access Privileges
-
Application Security Procedures and Testing
-
Perform Periodic Risk Assessments
-
Utilize Qualified Cybersecurity Personnel & Intelligence
-
Maintain Third Party Service Provider Security Policies
-
Employ Multi-Factor Authentication
-
Develop Procedures for Data Retention & Data Disposal
-
Perform Activity and Access Monitoring
-
Conduct Regular Cybersecurity Awareness Training
-
Control and Encrypt Data
-
Create a Written Cybersecurity Incident Response Plan
-
Provide Notifications of Cybersecurity Events to the Superintendent (NYS DFS)
-
Prepare & Submit Annually a Certification of Compliance
-
Maintain a Cybersecurity Program
-
Implement Written Cybersecurity Policies
-
Control & Manage Access Privileges
-
Perform Periodic Risk Assessments
-
Maintain Third Party Service Provider Security Policies
-
Develop Procedures for Data Retention & Data Disposal
-
Provide Notifications of Cybersecurity Events to the Superintendent (NYS DFS)
-
Prepare & Submit Annually a Certification of Compliance
NY SHEILD LAW REQUIREMENTS (ALL COMPANIES)
-
Adopt a company-wide Cybersecurity Program
-
Appoint a Chief Information Security Officer (CISO) or other individual who is tasked with overseeing the Cybersecurity Program
-
Conduct diligence on all third-party vendors to ensure that they have ap- propriate cybersecurity-related internal controls
-
Schedule regular, periodic Cyber Security Training for all current and new, on boarded employees
CYBER COMPLAINT OFFERS A ‘COMPLIANCE
IN A BOX” SOLUTION!
-
Perform a Risk Assessment of your IT Environment
-
Search the Dark Web with your email addresses for any indications of any exposure and other risks
-
Provide you with a detailed analysis of your Risk Assess- ment Environment
-
Provide the you with a list of discovered weaknesses to correct
-
Provide you with a set of Cyber Security Policies con- sistent with the Cyber Regulations four you to adopt
-
Train all your employees in Best Cyber Security Practices and Hygiene
-
Provide you with a Certificate of Completion for each employee who takes all the training
-
Provide you with whitepapers, checklists, and application tools (e.g. Password Analyzers) to improve the Client’s internal security environment
-
For one year monitor the Dark Web for any indications of breaches and other risks
-
Provide your employees exclusive access to ID360’s ID Check Up Tool, allowing them to easily access reports from Credit Bureaus and other public databases
-
At your request, file for your limited exemption from the NY DFS Regulations, and file all certifications.
-
Provide all employees and their families personal, comprehensive Identity Recovery services and access to deep- ly discounted monitoring plans
CONTACT US FOR A COMPLEMENTARY CONSULTATION