Thursday, March 16th at 2:00pm EST | 11:00am PST
On Dec. 28, 2016, the State of New York issued a revised regulation on its Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500). The regulation was revised and republished by the New York State Department of Financial Services (DFS) after receiving significant comments from the financial services industry.
In addition to requiring that each covered entity have a cybersecurity program and a Chief Information Security Officer (CISO), the regulation places significant additional requirements in the areas of: access controls, asset management, data governance, software development practices, third party risk assessment, and other proscribed areas.
Particularly compelling is the requirement that covered entities must provide an annual certification of their compliance with the regulation beginning as early as Feb. 15, 2018 for many of its sections.
Join us as we examine:
Topics will range from how to structure your program, to best practices in collecting vendor due diligence, to assessing vendor risk controls.