New York Cybersecurity Regulations – Path to Compliance

Written March 1, 2017, the New York Financial Services Cybersecurity Regulations have been developed to address significant cybersecurity threats to the financial services industry. The regulations prescribe certain standards for a financial service company’s (“regulated entity” or “Covered Entity”) cybersecurity program for the purpose of promoting protection of customer information and protecting regulated information systems.

How We Can Help

The whitepaper below provides a detailed overview of the requirements outlined in 23 NYCRR 500 (pages 1-4) as well as a detailed roadmap toward compliance (page 5). Our team of dedicated security and compliance consultants and researchers can help you develop and implement a roadmap to compliance. Speak with a security professional by contacting us.

Key Updates

1| Requires a detailed risk assessment
2| Requires a CISO (or equivalent) that reports to the board of directors
3| Requires a written and implemented cybersecurity program
4| Requires various technical and non-technical mechanisms to be in place to support the cybersecurity program
5| Tiered effective dates for implementation of various parts of the regulation
6| All of this information and a detailed path to compliance are covered in the whitepaper

Request Whitepaper

Christian Hyatt

Christian is the Managing Director and Co-Founder of risk3sixty, where he helps clients build world-class information security and compliance programs. Christian was the 2018 Technology Association of Georgia Under-35 Professional Services Leader of the Year and a 2019 Atlanta Business Chronicle Entrepreneur of the Year finalist. Christian holds a B.B.A. in Management Information Systems from the University of Georgia and an M.B.A. from the Georgia Institute of Technology. Christian is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ISO 27001 Lead Auditor, and PCI QSA.