Fasoo Talks About NYDFS and Cybersecurity at FinCyberSec 2017

Ron Arden Talks About NYDFS and Cybersecurity at FinCyberSec 2017Ron Arden, Executive Vice President and COO of Fasoo, Inc., presented Countdown to Compliance with NYDFS 23 NYCRR 500 during FinCyberSec 2017 at the Stevens Institute of Technology in Hoboken, NJ on May 31, 2017.  Ron was part of a day long event that focused on technical, regulatory, process and human dimensions of cyber threats faced by financial systems and markets.

Dr. Paul Rohmeyer, who organized the conference, started the day with opening remarks that set the stage for how the world of business and cybersecurity has changed in the last year.  With constant attacks, like the WannaCry ransomware attack and the ever changing business and technology landscape, financial services companies have a lot to address as they look to safely promote new business models.

Read More

NYC NYDFS 23 NYCRR 500 Cybersecurity Event A Big Success

Panel at PwC discussing NYDFS 23 NYCRR 500 Cybersecurity RegulationThe third in a series of NYDFS 23 NYCRR 500 roadshow events at PwC in New York, NY on May 18, 2017, was a great success as a room full of executives, legal, IT and security professionals discussed ways to help financial services organizations meet the new cybersecurity regulations that went into effect on March 1, 2017.  Pathway to compliance with NYDFS Part 500 was part of a continuing series of forums to assist entities regulated by the New York Division of Financial Services (NYDFS) comply with a strict and wide-ranging regulation.

The event started with Joe Nocera, PwC principal and Cybersecurity Financial Services Industry Leader, giving an overview of 23 N.Y.C.R.R. Part 500 and many of the implications this has for financial institutions doing business in New York.  Joe talked about some anticipated challenges to meet encryption of nonpublic information, multi-factor authentication, incident reporting and annual certification.  While technologies and processes to meet these requirements are not new, there are a lot of questions about how to do it.  For example, is using end-point encryption good enough to protect data at rest and in transit?  What happens when you email a file with nonpublic information from your PC to someone else?  The file is no longer encrypted, so you are vulnerable.Read More

Practical Advice At Buffalo NYDFS 23 NYCRR 500 Pathways to Compliance Event

Practical Advice At Buffalo NYDFS 23 NYCRR 500 Pathways to Compliance EventFollowing our successful event in Rochester, the second of the NYDFS 23 NYCRR 500 roadshow events at Phillips Lytle LLP in Buffalo, NY on May 17, 2017 brought together executives, insurance, legal, and security professionals in a great forum to discuss challenges for financial services organizations to meet the new cybersecurity regulations that went into effect on March 1, 2017.  A full house heard some practical advice designed to assist entities regulated by the New York Division of Financial Services (NYDFS) comply with the new regulations.

Jennifer Beckage of Phillips Lytle LLP started with her “Survival Guide to Navigating the NYDFS Cybersecurity Regulation”.  Jennifer talked about the challenges covered entities face not only developing their own cybersecurity programs, but how those spill over to their service providers.  Developing, implementing and monitoring vendor management programs will affect contracts, day-to-day operations and the technology used to secure and control information shared.
Read More

Rochester NYDFS Pathways to Compliance Event a Big Success

Rochester NYDFS Pathways to Compliance Event a Big SuccessThe first of the NYDFS 23 NYCRR 500 roadshow events in Rochester, NY on May 16, 2017 was a great success as numerous people from local financial services companies participated in a great forum to help organizations understand how to meet the new cybersecurity regulations that went into effect on March 1, 2017.

The event was held at Harter Secrest & Emery LLP in Rochester and started what will be a continuing series of forums to assist entities regulated by the New York Division of Financial Services (NYDFS) comply with a strict and wide-ranging group of regulations.

Read More

Fasoo Sponsors NYDFS 23 NYCRR 500 Roadshow

Fasoo Sponsors NYDFS 23 NYCRR 500 RoadshowOn March 1, 2017 new sweeping cybersecurity regulations from the New York State Department of Financial Services (NYDFS) took effect.  The NYDFS 23 NYCRR 500 regulations affect thousands of regulated financial institutions that do business in New York as well as thousands of Third Party Service Providers that support those financial institutions, world-wide.  The regulations add to the complexity that financial institutions already face in developing and implementing their comprehensive information security programs.  They also bring with them challenges and uncertainty as organizations implement new tools and practices designed to protect customer and company information.

In response to this sea-change, Fasoo is sponsoring a roadshow across three major markets in New York (Rochester, Buffalo and NY city) to help affected organizations comply with the new regulations.  The highlight of the roadshow will be a keynote by Dr. Larry Ponemon of the Ponemon Institute reviewing a study sponsored by Fasoo to gauge industry readiness and reaction to the new regulations.

Read More

The Best Defense Against Insider Threats

The Best Defense Against Insider ThreatsOne of the most critical skills information security groups have is the ability to proactively find threats in their environment – a process known as hunting.  Great hunting is the combination of deep knowledge about your environment with the ability to understand the details of changes that take place in real-time.  Knowledge is the greatest advantage information security professionals have when determining the best defense against an adversary.

Attackers must have extensive knowledge about your infrastructure to find weak spots to exploit.  You have an advantage by knowing what are normal patterns of behavior from your users and systems.

Read More

Fasoo Sponsored Ponemon Institute Survey On NYDFS 23 NYCRR 500

Click here to see the Countdown to Compliance, Fasoo Sponsored Ponemon Institute Survey of NYDFS 23 NYCRR 500Fasoo sponsored a Ponemon Institute survey to determine the readiness of financial firms doing business in New York State to comply with the new cybersecurity regulation NYDFS 23 NYCRR 500 that went into effect on March 1, 2017.  The regulation includes deadlines to implement procedures and solutions to achieve compliance with the new standards.  Since New York is one of the world’s financial capitals, the state wants to ensure that organizations that operate under the banking, insurance or financial services regulations provide a secure information sharing environment to protect companies and their customers.

“The survey is aptly titled “Countdown to Compliance,” said Dr. Larry Ponemon.  “Our goal is to provide insight into the challenges these organizations face in complying with the demanding new requirements which apply to all ‘nonpublic information’ – at rest, in-transit and shared with third parties.  The survey will provide insight into their efforts to comply over the next 180 to 365 days.”

Read More

Once More Unto The Data Breach, Dear Friends, Once More

Fasoo would have stopped the leak of CIA documentsWikiLeaks recently obtained and released thousands of sensitive documents showing the Central Intelligence Agency’s (CIA) arsenal of hacking tools, malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation.

Unfortunately this is not a Shakespearean play, but a real life data breach that will have huge consequences for the security of the US government.  This information supposedly came from a secure location inside the CIA and raises a lot of questions about cybersecurity.  If an agency that should be focused on security can have this problem, what other problems may lurk in other parts of the government?

Read More

Data Breaches Cost Executives Money

Data Breaches Cost Executives MoneyThe problem of data breaches has just reached a new high, or maybe low, as executives are losing money because of them.  A case in point is that Yahoo CEO Marissa Mayer will not receive a bonus nor stock award because of the mishandling of security breaches in 2013 and 2014.

The decision came after an internal investigation found that senior executives at Yahoo mishandled the company’s security breaches.  In September of last year, Yahoo disclosed that a massive security breach occurred in 2014. About 500 million Yahoo accounts were compromised. Hackers obtained personal information, but not credit card details. Then in December of last year, Yahoo disclosed that another breach occurred in 2013, but this one was even bigger: Nearly one billion user accounts were hacked, making it the biggest breach in history.

Read More

New York Issues Final Version of Cybersecurity Regulations

New York Issues Final Version of Cybersecurity RegulationsThe New York State Department of Financial Services (NYS DFS) just released the final version of its new cybersecurity regulations that affect organizations doing business under New York banking, insurance and financial services regulations.  The new regulation is designated 23 N.Y.C.R.R. Part 500, and goes into affect on March 1, 2017.

Paul Greene, an attorney at Harter Secrest & Emery, in a recent blog post mentioned that the main changes in the regulation from earlier drafts is the move to a more risk-adjusted approach to cybersecurity, rather than a purely prescriptive approach.  Rather than applying a one-size-fits-all approach, the NYS DFS is allowing Covered Entities to define the risk associated with their nonpublic information before deciding on the best way to protect it.  Questions remain, however, concerning the scope and reach of these regulations.

Read More