Thursday, March 16th at 2:00pm EST | 11:00am PST
On Dec. 28, 2016, the State of New York issued a revised regulation on its Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500). The regulation was revised and republished by the New York State Department of Financial Services (DFS) after receiving significant comments from the financial services industry.
In addition to requiring that each covered entity have a cybersecurity program and a Chief Information Security Officer (CISO), the regulation places significant additional requirements in the areas of: access controls, asset management, data governance, software development practices, third party risk assessment, and other proscribed areas.
Particularly compelling is the requirement that covered entities must provide an annual certification of their compliance with the regulation beginning as early as Feb. 15, 2018 for many of its sections.
Join us on Thursday, March 16th as we examine:
• Who is covered by the regulation
• Key areas covered
• How to approach compliance
• Overall impact on Cybersecurity and Third-Party Risk Assessments
Topics will range from how to structure your program, to best practices in collecting vendor due diligence, to assessing vendor risk controls.