As technology becomes increasingly central to the way almost all organisations are run, the safety of the information stored on that technology is becoming more important. As such, many national, international, state and sectoral regulators are starting to introduce laws that address the things businesses should be doing to stay cyber secure.
Last year, New York became the first state to propose cyber security requirements for the financial industry. The New York Department of Financial Services (NYDFS) Cybersecurity Requirements came into effect on 1 March 2017, with a 180-day transition period for organisations to put in place the appropriate measures.
New York will not be the only state affected by this, as the Regulation applies to any financial institution in the world that has a branch in the state, as well as any affiliates and third-party vendors of New York-based institutions.
Other states should also be looking out, because if the Regulation proves successful, similar laws will likely be introduced across the country.
To comply with the Cybersecurity Requirements, performing risk assessments will be vital. Risk assessments provide a clear picture of an organisation’s information systems and vulnerabilities, and help determine the measures and controls that need to be implemented. They are essential to meeting Section 500.02 (maintaining a documented, risk-based cyber security programme) and Section 500.03 (implementing and maintaining a cyber security policy), both of which fall under the first set of deadlines on 28 August 2017.
Simple risk management with vsRisk
The Regulation doesn’t outline a specific set of conditions or a particular risk assessment procedure that organisations must follow, which means they are free to develop one that aligns with their objectives.
If you don’t know where to start, you should consider our risk assessment tool, vsRisk™. With vsRisk, you can customise the risk criteria, calculation formula and impact/likelihood scale. Alternatively, you can choose from our default options.
Meanwhile, if you want to find out more about the NYDFS Cybersecurity Requirements, and the deadlines you need to meet, you should take a look at our timeline for compliance. It outlines the six stages to the implementation of the Regulation, including each set of deadlines.