
By Jarra Gruen, MDS

In light of the recent global, crippling malware and ransomware attacks, it has never been so imperative to have a standard cyber security protocol in place.

If you are a Financial Company operating in NY State, this is not only a suggestion but a mandatory requirement that is going into effect August 28th, 2017.

NY State has “passed a new law” related to Cyber Security, 23 NYCRR Part 500:

This law says any organization supervised by the NY State Department of Financial Services (NYSDFS) must have a COMPLETE cyber security program in place by August 28, 2017.

That’s correct: if you have not done so already, you have approximately one month to implement a full-scale cyber security program.

In addition to having the program established, you MUST designate someone as the Chief Information Security Officer (CISO).

So, what does this mean for your organization?

If you are designated as a financial services company (insurance, banking, mortgage brokers, check cashers, health insurers, hedge funds, etc.) in the State of New York:

1. You must designate a CISO;
2. Build a cyber security program; and
3. Have it up and running by August 28th, 2017.

Failure to build it and prove its existence and viability can result in heavy fines and scrutiny from the state regulators. There are a few organizations that would be exempt from this new law, but those exemptions will only impact less than 1% of the financial services companies in New York State.

Feeling overwhelmed about all that needs to be done before this deadline? Not to worry, the compliance experts at MDS are here to assist you every step of the way. We break down what is important and customize a compliant solution that ensures you are not only ready for the deadline, but that your cyber security protocol is enhanced in the process.

Learn how to be DFS Compliant with our Complimentary Checklist!

Download the 23 NYCRR 500 Checklist: https://www.mdsny.com/dfs-check-list/

What does the state want?

What exactly must you do to satisfy the state when executing the NYSFSCA? There are four key components which need to be addressed:

  1. Hire, contract or designate a CISO to build, implement, oversee and enforce a sound cyber security program;
  2. Establish/build said cyber security program;
  3. Write, adopt and enforce a cyber security policy;
  4. Enact and implement several security controls requested by the NYSDFS.

How do you do the above?

The simplest is the first: hiring a CISO to do the remaining three. Please note that the CISO can be contracted from a third party, or can be hired internally.

Frequently, an organization will attempt to build a cyber security program but isn’t aware of the nuances involved in making such a program viable. Or they have someone throw together some policies, only to find them unenforceable because they don’t have the right leadership in place: leadership that knows how to move policies through the various acceptance phases.

The state has the law broken down into twenty-two sections (Section 500.01 to Section 500.22), of which 14 are particularly relevant, which we have broken down for you as follows:

  500.02 – The Cyber Security Program
  500.03 – The Cyber Security Policy
  500.04 – The CISO
  500.05 – Penetration Testing
  500.06 – A Cyber Security Audit Trail
  500.07 – User Access
  500.08 – Application Security
  500.09 – Risk Assessments
  500.10 – Your Cyber Security Team
  500.11 – Vendor Management
  500.13 – Data Retention Rules
  500.14 – Security Awareness Training
  500.15 – Encrypting Nonpublic Data
  500.16 – Incident Response Plans

The CISO

The thought leader of your cyber security protection program needs to lead the charge in assessing the vulnerabilities within your organization. The hiring of the CISO (500.04) will drive the rest of the controls required by the NYSDFS:

  • Do you have a robust cyber security protection program? (500.02)
  • Do you have a set of policies that govern your cyber security program? (500.03)
  • Is your infrastructure secure? (500.05)
  • Is your organization producing audit trails? (500.06)
  • Who establishes what user has access to what? (500.07)
  • Are your Applications secure? (500.08)
  • Has your organization undertaken a thorough risk assessment? (500.09)
  • Do you have a coordinated cyber security team as required by NYCRR? (500.10)
  • Do you have effective Third Party Vendor Management? (500.11) (If you don’t think that’s important, ask Target: one of their vendors was breached and the hackers used that HVAC vendor as a conduit into the Target network.)
  • Does your organization comply with the Data Retention Rule? (500.13)
  • Does your organization provide appropriate Security Awareness Training? (500.14)
  • Does your organization encrypt non-public data? (500.15)
  • Does your organization have appropriate incident response plans? (500.16)

If you do not currently have a CISO in place, you can utilize a Third-Party, such as MDS, as your CISO solution.

What This Regulation Means Nation-Wide:

This could change everything. The breach notification law SB 1386, rolled out by California in 2003, set off tremors through the IT and Information Security (IS) world. For the first time, a state would tell any business operating in the state that, if there was the possibility of a breach of data, the business would have to notify everyone potentially affected by the breach.

As with CA-SB1386, other states can sit back and watch, see how this new 23 NYCRR 500 implementation goes and, if it’s successful, write their own laws to do the same thing. All eyes are on NY State, and with MDS by your side, we can make sure that your organization is covered against the growing threat of Cyber Crime while also ensuring you aren’t penalized for not being compliant.

Contact the experts at MDS to learn about the custom solutions we provide in order to ensure your organization is 100% compliant by the August 2017 deadline.
