In two weeks, the September 3 deadline will be upon us. This is when the 18-month transitional period of the NYDFS (New York State Department of Financial Services) Cybersecurity Regulation will end, requiring organizations to be compliant with Section 500.08 Application Security. There is still time to make final adjustments and prepare your organization for the Regulation – but time is running out quickly.
Application security requirements
Section 500.08 mandates that the cybersecurity programs of covered entities must include written procedures, guidelines, and standards that ensure secure development for the organization’s in-house applications. It also requires procedures for evaluating, assessing, or testing the security of the organization’s externally developed applications.
The covered entities must also periodically have the procedures, guidelines, and standards reviewed, assessed, and updated by a qualified security professional, usually the CISO (chief information security officer).
Get started on your compliance journey with penetration testing
Application security is of the utmost importance to an organization’s overall cybersecurity. One way to ensure that your applications are secure is through penetration testing: a systematic process of probing for vulnerabilities in your applications and networks. It’s essentially a controlled form of hacking in which the ‘attackers’ operate on your behalf to find the sorts of weaknesses that criminal hackers may exploit.
Is your organization #BreachReady?
To help your organization become #BreachReady this summer, IT Governance USA is offering up to 20% off all sorts of solutions to prevent or mitigate the effect of data breaches.