Addressing the 23 NYCRR 500 Cybersecurity Regulation

Impact Makers


Background and Purpose

Who is this for? This playbook is for any financial services company that does business in the State of New York, whether it is based in New York or resides outside the state.

Anyone who does not fit that description need not heed this particular playbook’s sprint plan or adhere to the 23 NYCRR 500 regulation, but we believe the approach and methodologies outlined are still of use for compliance against other states’ regulation requirements and for sustaining any mature cybersecurity culture.

How does this help? This cybersecurity regulation is not for the faint of heart. Impact Makers’ cybersecurity experts (the Governance, Risk, and Compliance team) have collaborated to break down the morass of legalese into actionable sprints that ensure compliance and lay the foundation for a mature cybersecurity culture.

This playbook also includes a compilation of useful logistical info so that readers will not have to expend redundant capacity in meeting the regulation standards, and can focus their time and energy on their cybersecurity needs.

What is the regulation? The New York Cybersecurity Rule (23 NYCRR 500) (also known as the “Cybersecurity Requirements for Financial Services Companies”) was introduced by the New York State Department of Financial Services (NYDFS) in 2016, passed in the first quarter of 2017, and took effect March 1, 2017.

This regulation will be enforced by the NYDFS and affects all covered entities including Financial Services, and Health, Life and Property Insurers. The Regulation is designed to comply with State and Federal standards and its purpose is to promote the protection of customer information as well as the information technology systems of regulated entities.

Highlights of the regulation include:
• The Regulation requires each company to assess its specific risk profile and design a program that addresses its risks in a robust fashion.
• Senior management must take this issue seriously and be responsible for the organization’s cybersecurity program and file an annual certification confirming compliance with these regulations.
• NYDFS defines a Covered Entity as “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.”

The purpose of this Playbook is to provide a basis and guidance for compliance with the NYCRR 500 Cybersecurity regulation for covered entities who are regulated by the NYDFS.

Many organizations will find they have a substantial part of the regulatory requirements already in place and merely need to take inventory and report their compliance to the NYDFS. This playbook will help covered entities review and ensure their cybersecurity program is current, conforms to the regulation, and satisfies the regulation as required.

The approach for the cybersecurity framework proposed in this playbook is based on the NIST cybersecurity framework (version 1.0) as we believe it is likely that this framework will eventually be the basis for many of the federally mandated cybersecurity regulations and compliance programs.

Additionally, the NIST cybersecurity framework approach is suggested because it is an effective and measurable way to manage cybersecurity risk across the organization.

© 2022 | CyberMaterial | All rights reserved.
