Blog

NYC NYDFS 23 NYCRR 500 Cybersecurity Event A Big Success
Cybersecurity News

Panel at PwC discussing NYDFS 23 NYCRR 500 Cybersecurity RegulationThe third in a series of NYDFS 23 NYCRR 500 roadshow events at PwC in New York, NY on May 18, 2017, was a great success as a room full of executives, legal, IT and security professionals discussed ways to help financial services organizations meet the new cybersecurity regulations that went into effect on March 1, 2017.  Pathway to compliance with NYDFS Part 500 was part of a continuing series of forums to assist entities regulated by the New York Division of Financial Services (NYDFS) comply with a strict and wide-ranging regulation.

The event started with Joe Nocera, PwC principal and Cybersecurity Financial Services Industry Leader, giving an overview of 23 N.Y.C.R.R. Part 500 and many of the implications this has for financial institutions doing business in New York.  Joe talked about some anticipated challenges to meet encryption of nonpublic information, multi-factor authentication, incident reporting and annual certification.  While technologies and processes to meet these requirements are not new, there are a lot of questions about how to do it.  For example, is using end-point encryption good enough to protect data at rest and in transit?  What happens when you email a file with nonpublic information from your PC to someone else?  The file is no longer encrypted, so you are vulnerable.

New York Issues Final Version of Cybersecurity Regulations
Cybersecurity Data breach Insider threat

New York Issues Final Version of Cybersecurity RegulationsThe New York State Department of Financial Services (NYS DFS) just released the final version of its new cybersecurity regulations that affect organizations doing business under New York banking, insurance and financial services regulations.  The new regulation is designated 23 N.Y.C.R.R. Part 500, and goes into affect on March 1, 2017.

Paul Greene, an attorney at Harter Secrest & Emery, in a recent blog post mentioned that the main changes in the regulation from earlier drafts is the move to a more risk-adjusted approach to cybersecurity, rather than a purely prescriptive approach.  Rather than applying a one-size-fits-all approach, the NYS DFS is allowing Covered Entities to define the risk associated with their nonpublic information before deciding on the best way to protect it.  Questions remain, however, concerning the scope and reach of these regulations.

How Fasoo Can Help Meet New York Financial Services Cybersecurity Regulations
Cybersecurity Data security Insider threat

New York Financial Services Cybersecurity RegulationsIn September 2016, the New York State Department of Financial Services (DFS) proposed a broad set of cybersecurity regulations for banks, insurers, and other financial institutions that will enhance data security and require a comprehensive cybersecurity program and policies to ensure compliance.

The proposed rule is the result of DFS’s focus on cybersecurity over the past several years, in which DFS held cybersecurity discussions with various financial institutions, and issued a letter to US regulators asking for feedback on potential cyber-specific requirements.

The regulation contains several requirements that will be new or more expansive than most organizations currently practice. For example, the proposal’s call for encryption of all nonpublic information will be challenging for many organizations. While most entities encrypt data in-transit, they only encrypt data at-rest in more selective circumstances.