What You Need to Know about New Yorks Proposed New Cybersecurity Regulation
New Yorks Department of Financial Services has proposed a new cybersecurity regulation for financial service organizations that do business in New York. The impetus of the regulation is a direct result of the proliferation of cybersecurity breaches and the potential for significant financial loss and misappropriation of consumer data.
The regulation sets expectations for minimum practices, including a set of policies and procedures for the protection of information systems and data. Some of the topics that must be addressed, and approved at least on an annual basis by a senior officer, include:
- Access controls and identity management
- Business continuity and disaster recover planning and resources
- Physical security and environmental controls
- Vendor and third party service provider management
- Risk assessment
- Incident response to cybersecurity events
Additionally, each entity must appoint a Chief Information Security Officer (CISO), who is responsible for overseeing, implementing, and governing the cybersecurity program. The CISO will be required to develop and present a report to the board of directors, or equivalent governing body, at least annually. The report should assess the confidentiality, integrity and availability of the firms information systems; detail exceptions to the cyber-security policies and procedures; identify cyber risks; assess the effectiveness of the cyber-security program; propose steps to remediate any identified inadequacies; and include a summary of all material cyber-security events during the reports time period.
Nasdaq BWise understands the need for flexible software that can adapt as risk and employees change, regulations mature, and as technology, products, and services advance. BWise solutions offer financial service companies risk management solutions to manage cyber threats, support compliance practices, and enable the embedding and sustainability of information security processes.
For more information about how Nasdaq BWise software solutions can help protect against cyber threats, please visit www.bwise.com/vr-experience.