Search Results for: 23 nycrr 500

New York Rule 500 dictates NY financial institutions must certify cybersecurity programs by February 15, 2018

New York State is the first in the U.S. to impose a comprehensive cybersecurity regulation on financial institutions, and the regulation, “Cybersecurity Requirements for Financial Services Companies,” (also known as NY Rule 500 or 23 NYCRR Part 500) has a key deadline on the horizon. February 15, 2018 is the date by which the entities… Read more »

Pop Quiz: When is Pen Testing a Compliance Requirement?

We live in a world where organizations are required to pen test their IT systems and networks. Sometimes. Do you know when penetration testing is required? Or when it’s industry standard? Or when it’s just a good idea? Penetration testing, sometimes called ethical hacking, simulates real-world ways hackers can compromise network and IT assets. The… Read more »

GLBA is About to Get a Cybersecurity Upgrade

If you aren’t a regular reader of the Federal Register, you may have missed a proposed upgrade for safeguarding customer information. Background When the Gramm Leach Bliley Act, fondly known as GLBA, was enacted in 1999 we were worried about Y2K, a gallon of gas cost $1.22, and SpongeBob SquarePants had just premiered on Nickelodeon…. Read more »

Cybersecurity Frameworks – A (Hard)Core Feature of The Ohio Data Protection Act

In 2018, Ohio – the home of the Rock & Roll Hall of Fame – enacted a cybersecurity law that rocked cybersecurity frameworks. The Ohio Data Protection Act (“ODPA” or the Act) creates a safe harbor for organizations that adopt one of ten cybersecurity compliance frameworks. This is unique. Most other state cybersecurity laws don’t… Read more »

Final Compliance Date for NY DFS Cybersecurity Regulation is March 1, 2019

A significant deadline is now approaching under the New York State Department of Financial Services (“DFS”) cybersecurity regulation, 23 NYCRR 500. On March 1, 2019, the two-year transitional period under the NY DFS regulation expires and all remaining requirements become effective. The final requirement concerns supply chain cybersecurity. Background The NY DFS cybersecurity framework requires… Read more »

Financial & Insurance

Are you doing everything you can to protect your data? Mergers and acquisitions (M&A) activity, new technologies, and consumer demand for mobile technology all increase the risk to financial services. As one of the most targeted industries, it makes sense to have a strategy that everyone can get behind – from the board… Read more »

Defense Federal Acquisition Regulation Supplement Presentation

Strategic Planning for Cyber Risk: Protecting Data and Meeting Regulatory Requirements with NIST SP 800-171 Mar 27, 2018 – Everyone welcome! If your organization accepts Federal or Department of Defense dollars, understanding Federal Acquisition Requirements (FAR) and NIST SP 800-171 is a critical compliance issue that affects everything from risk management to supply chain security…. Read more »

Cybersecurity Compliance

More than just a checklist, our clients work with us to implement compliance frameworks, measurably improve cybersecurity, and decrease cyber risk. Sera-Brynn’s areas of focus: Higher Education – We are the selected third-party assessor and compliance advisor to large public universities. We invite you to start a discussion with our experts. FedRAMP – Sera-Brynn is… Read more »

New York State Cyber Regulation Require New Safeguards in 2017

As of March 1, 2017, companies subject to regulation under the Banking Law, Insurance Law, or Financial Services Law in New York State are required to protect their networks and customer data with strong new safeguards under 23 NYCRR 500, Cybersecurity Requirements for Financial Services Companies. The new requirements will feel familiar to companies doing… Read more »