Blog

NYC NYDFS 23 NYCRR 500 Cybersecurity Event A Big Success
Cybersecurity News

The third in a series of NYDFS 23 NYCRR 500 roadshow events, held at PwC in New York, NY on May 18, 2017, was a great success as a room full of executives and legal, IT and security professionals discussed ways to help financial services organizations meet the new cybersecurity regulations that went into effect on March 1, 2017. "Pathway to compliance with NYDFS Part 500" was part of a continuing series of forums to help entities regulated by the New York Division of Financial Services (NYDFS) comply with a strict and wide-ranging regulation.

The event started with Joe Nocera, PwC principal and Cybersecurity Financial Services Industry Leader, giving an overview of 23 N.Y.C.R.R. Part 500 and many of its implications for financial institutions doing business in New York. Joe talked about some anticipated challenges in meeting the requirements for encryption of nonpublic information, multi-factor authentication, incident reporting and annual certification. While the technologies and processes to meet these requirements are not new, there are a lot of questions about how to do it. For example, is using end-point encryption good enough to protect data at rest and in transit? What happens when you email a file with nonpublic information from your PC to someone else? The file is no longer encrypted, so you are vulnerable.

How Fasoo Can Help Meet New York Financial Services Cybersecurity Regulations
Cybersecurity Data security Insider threat

In September 2016, the New York State Department of Financial Services (DFS) proposed a broad set of cybersecurity regulations for banks, insurers, and other financial institutions that will enhance data security and require a comprehensive cybersecurity program and policies to ensure compliance.

The proposed rule is the result of DFS’s focus on cybersecurity over the past several years, in which DFS held cybersecurity discussions with various financial institutions, and issued a letter to US regulators asking for feedback on potential cyber-specific requirements.

The regulation contains several requirements that will be new or more expansive than what most organizations currently practice. For example, the proposal’s call for encryption of all nonpublic information will be challenging for many organizations. While most entities encrypt data in transit, they encrypt data at rest only in more selective circumstances.

4 Reasons You Need Enterprise Digital Rights Management
Data breach Insider threat Privacy

In today’s business world, information security, regulatory compliance and data governance requirements are driving a top-to-bottom change in how we manage corporate data. As the walls of an organization blur, new business models make employee, business partner and corporate information difficult to define.

Many companies allow employees to work from any location at any time using any device. Outsourced functions today range from design to manufacturing to finance and human resources. If I outsource manufacturing or finance to a third party, how do I define my corporate boundary for data, since my sensitive information is in the hands of a business partner? Add to this the real threat of external hackers and insider threats from employees, contractors and the third parties I use for key business functions.

How do you protect the most important information in your business?