We live in a world where organizations are required to pen test their IT systems and networks. Sometimes. Do you know when penetration testing is required? Or when it’s industry standard? Or when it’s just a good idea? Penetration testing, sometimes called ethical hacking, simulates real-world ways hackers can compromise network and IT assets. The… Read more »
23 NYCRR Part 500
We provide analysis and thoughts on the New York State Department of Financial Services 23 NYCRR Part 500. Cyber security controls are required for covered entities. We provide in-depth discussion on how to interpret and apply various sections. You’ll find articles on how to report and what it means to be exempt.
If you aren’t a regular reader of the Federal Register, you may have missed a proposed upgrade for safeguarding customer information. Background When the Gramm Leach Bliley Act, fondly known as GLBA, was enacted in 1999 we were worried about Y2K, a gallon of gas cost $1.22, and SpongeBob SquarePants had just premiered on Nickelodeon…. Read more »
Banks, insurance companies, and other financial services institutions with home states or branches in New York have less than a month left to create compliant cybersecurity programs. August 28, 2017 is the deadline for this first-in-the-nation requirement. Sera-Brynn’s New York Cybersecurity Assessment (based on 23 NYCRR Part 500) includes: Developing a compliant Cybersecurity Program and… Read more »
New York State is the first in the U.S. to impose a comprehensive cybersecurity regulation on financial institutions, and the regulation, “Cybersecurity Requirements for Financial Services Companies,” (also known as NY Rule 500 or 23 NYCRR Part 500) has a key deadline on the horizon. February 15, 2018 is the date by which the entities… Read more »
As of March 1 2017, companies subject to regulation under the Banking Law, Insurance Law, or Financial Services Law in New York State are required to protect their networks and customer data with strong new safeguards under 23 NYCRR 500, Cybersecurity Requirements for Financial Services Companies. The new requirements will feel familiar to companies doing… Read more »