IT Governance, the leading provider of cybersecurity and ISO 27001 expertise, is urging New York-based financial institutions to start preparing for cybersecurity regulations.
The statement follows the New York State Department of Financial Services' recent release of the updated cybersecurity proposal, which is due to come into effect on March 1, 2017. The proposed regulation requires all New York financial institutions to implement appropriate security measures to protect themselves from cyber attacks.
The new legislation will require covered entities to submit an annual written certification to the superintendent of financial services in order to demonstrate compliance.
Alan Calder, the founder and executive chairman of IT Governance, said: “Financial services and insurance entities should prepare now. The new law presents challenges for most organizations, and will require a complete assessment of both operational and technical systems.”
Moreover, the legislation will require organizations to maintain a cybersecurity program, implement risk assessment controls and an incident response plan, identify vulnerabilities in networks and platforms, encrypt non-public information, conduct penetration testing, and provide regular cybersecurity awareness training.
Businesses will also be required to retain the records, schedules, and other information supporting the certification for five years for inspection by the department.
The Regulation, which is open for comments until the end of January, exempts organizations with fewer than 10 employees, and that have had less than $5 million in revenue over the last three years. The proposed legislation also exempts organizations with assets that do not exceed $10 million.
IT Governance urges financial organizations to take action and begin preparations now, as implementation will be particularly challenging due to the many compliance deadlines, which range between six months and two years.
“As information security practitioners, we encourage organizations to implement an ISO 27001-compliant ISMS (information security management system) as a best-practice path to achieving compliance with the Regulation. Organizations certified to ISO 27001 can demonstrate the three pillars of information security – people, processes, and technology – are addressed and that the organization has implemented a management system to achieve cyber resilience and maintain a strong information security posture,” Alan Calder continued.
For more information on how IT Governance can help your organization achieve compliance with the New York legislation or certification to ISO 27001, please visit our website, email servicecenter@itgovernanceusa.com, or call 1-877-317-3454.