New York State’s financial services cybersecurity requirements
The Cybersecurity Requirements for Financial Services Companies released by New York State’s Department of Financial Services (DFS) requires all NY financial institutions to implement security measures in order to protect themselves against cyberattacks. Increasing cyber threats facing the financial industry propelled the Regulation forward.
Among many provisions, the Regulation will require organizations to:
Maintain a cybersecurity policy and program
Appoint a CISO
Implement risk assessment controls and an incident response plan
Provide regular cybersecurity awareness training
Conduct penetration testing and identify vulnerabilities
Encrypt non-public information.
The proposal has a number of different compliance deadlines, which range from six months to two years. Written documentation must be submitted to the Superintendent of Financial Services by February 2018, certifying that the organization meets the requirements.
In the event of a cyber attack or a breach, the organization must report the incident to the Superintendent within 72 hours.
Taking the right measures for compliance
Implementation could be challenging for organizations as there are many requirements and different timelines for each of them. Taking the right steps now to plan your cybersecurity program and align it with your business objectives is essential.
Meet requirements and deadlines with ISO 27001, the international standard for information security.
ISO 27001 is a best-practice solution that will ensure you meet NYDFS cybersecurity obligations. This international standard provides an ISMS (information security management system) framework that can be used to meet the Regulation’s requirements, protect and monitor information, and follow a continual improvement approach that allows the organization to keep up with evolving threats.
Learn more about ISO 27001 and the New York DFS Cybersecurity Requirements >>