NYDFS Cybersecurity Requirements: Training and Monitoring

In one week, on September 3, 2018, the 18-month transitional period of the NYDFS Cybersecurity Requirements (23 NYCRR 500) ends, and organizations will be required to comply with Section 500.14(a): Training and Monitoring. There is still time to comply and prepare your organization for the Regulation.

Training and monitoring requirements

Part A of Section 500.14 mandates the implementation of risk-based policies, procedures, and controls. These are designed to monitor the activity of authorized users, and detect unauthorized access to, use of, or tampering with non-public information.

Part B of Section 500.14 requires organizations to provide regular cybersecurity awareness training for all staff. The training must reflect the risks identified in the risk assessment (another requirement under the Regulation).

Part A is required by September 3, while Part B should’ve been implemented already. The deadline for Part B was March 1 this year.

Get started with your compliance journey

ISO 27001 is the international standard that sets out the requirements of a best-practice ISMS (information security management system).

Clauses 4.2 and 4.3 of ISO 27001 mandate that an ISMS meets all legal, regulatory, and contractual requirements. For covered entities (financial institutions with a branch in New York, as well as third-party suppliers to those New York-based institutions), that includes the NYDFS Cybersecurity Requirements.

Prepare your staff with our staff awareness training course

Although the deadline for Part B, which covers staff awareness training, has passed, it’s not too late to comply. If you don’t already have cybersecurity awareness training in place, take a look at our Information Security Staff Awareness E-learning Course. This interactive e-learning course is designed to help employees gain a better understanding of information security risks and compliance requirements, thereby reducing your organization’s exposure to security threats. It teaches them about information security best practices to mitigate preventable mistakes.

Is your organization #BreachReady?

The Information Security Staff Awareness E-learning Course is one of many products in our #BreachReady promotion. To help your organization become #BreachReady this summer, we’re offering up to 20% off all sorts of solutions to prevent or mitigate the effect of data breaches.
