We Help with NYDFS Cybersecurity Regulations
Achieve NYDFS Cybersecurity Requirements with Pratum's vCISO Security Service.
Pratum's Virtual CISO (vCISO) is your designated CISO (500.04) to oversee and implement your NYDFS cybersecurity program. Pratum's vCISO is a unique security service that delivers expert security leadership, insight, and support while functioning as an extension of your business. Your organization will be assigned a trusted information security consultant, along with a team of analysts and advisors (500.10), who will help lead your cybersecurity program.
We begin to establish your NYDFS cybersecurity program by first getting to know your organization and understanding your business objectives. From there, a plan is developed that aligns with your security needs and requirements.
On March 1, 2017, the New York Department of Financial Services (DFS) issued a regulation designed to promote the protection of customer information as well as the information technology systems of regulated entities. This regulation requires each regulated entity to assess its specific risk profile and design a program that addresses its risks in a robust fashion.
- September 3, 2018 - Eighteen-month transitional period ends. Covered Entities are required to be in compliance with the requirements of sections 500.06, 500.08, 500.13, 500.14(a) and 500.15 of 23 NYCRR Part 500.
- March 1, 2019 - Two-year transitional period ends. Covered Entities are required to be in compliance with the requirements of 23 NYCRR 500.11.
Pratum is ready to help businesses understand their cybersecurity requirements and become compliant.
Developing Your Cybersecurity Program
Your program will be unique to your organization and designed to execute security initiatives while achieving business objectives. Pratum’s vCISO team develops security programs by utilizing a combination of cybersecurity services, including the following.
Cybersecurity Program (500.02)
Pratum will establish and maintain a cybersecurity program based on a periodic risk assessment and designed to protect the confidentiality, integrity and availability of Information Systems. The vCISO will assist with the implementation of policies and procedures that are designed to detect and respond to cybersecurity events, recover from those events and restore operations and services, and fulfill applicable regulatory reporting obligations.
Cybersecurity Policy (500.03)
Proper policy development and implementation provides employees with the knowledge they need to protect your organization against cyber-attacks. Policies must be designed to support risk management goals while maintaining business operations. Pratum’s risk assessment process involves one-on-one interaction with business leaders, allowing our consultants to fully understand your needs and draft your policies in a manner that will support your objectives.
Penetration Testing and Vulnerability Assessments (500.05)
As part of the vCISO Security Program, Pratum will conduct annual Penetration Testing of vulnerable Information Systems identified in the annual risk assessment. Along with this testing, Pratum can conduct bi-annual vulnerability assessments, including any systematic scans or reviews of information systems.
Audit Trail (500.06)
Pratum’s IT audits are conducted using common security controls, frameworks and industry best practices. These audits provide insight into potential gaps in processes and procedures in technology environments. Pratum’s consultants provide expert opinions on how effectively controls are designed and how efficiently they are working. With this information, organizations are able to make changes to their administrative, physical and technical controls to better meet business goals while reducing risk.
Risk Assessment (500.09)
As an integral part of NYDFS' Cybersecurity Requirements, the risk assessment must be performed before development of the cybersecurity program begins. Pratum's vCISO will perform the risk assessment of Information Systems. The knowledge gained through a risk assessment helps guide an organization in making rational decisions to improve its security posture and align risk with acceptable tolerance levels.
Training and Monitoring (500.14)
Pratum offers live on-site security awareness and training sessions, recorded training videos and digital training collateral. Session topics are tailored in collaboration with your organization so that the content addresses the company’s unique security needs.
Pratum's Managed SIEM provides security expertise and a holistic view into network activity. Businesses are able to simplify log monitoring and management by relying on Pratum's security operations center (SOC) to deliver a managed security service that provides continuous data analysis, threat intelligence, and security incident reporting.
Incident Response Plan (500.16)
Cybersecurity incidents occur regularly. At one time or another every organization will be the victim of a cyber-attack. It is how organizations plan for and react to these attacks that makes the difference. Building a solid incident response infrastructure, which includes response and remediation plans, training, communications, and management direction, will prepare your organization for all levels of security incidents.