We Help with NYDFS Cybersecurity Regulations
Achieve NYDFS Cybersecurity Requirements with Pratum's vCISO Security Service.
Pratum's Virtual CISO (vCISO) is your designated CISO (500.04) to oversee and implement your NYDFS cybersecurity program. Pratum's vCISO is a unique security program that delivers expert security leadership, insight and support while functioning as an extension of your business. Your organization will be assigned a trusted information security consultant, along with a team of analysts and advisors (500.10), who will help lead your cybersecurity program.
The vCISO program begins with learning about your organization and understanding your business objectives. From there, a plan is developed that aligns with your security needs and requirements.Developing a Cybersecurity Program
New York State is serious about cybersecurity. And on March 1, 2017, the New York Department of Financial Services (DFS) issued a regulation designed to promote the protection of customer information as well as the information technology systems of regulated entities. This regulation requires each regulated entity to assess its specific risk profile and design a program that addresses its risks in a robust fashion.
The NYDFS cybersecurity regulation requires covered entities to file an annual certification confirming compliance with regulation. The initial certification will be due February 15, 2018.
Pratum is ready to help businesses understand their cybersecurity requirements and become compliant.
Developing your Cybersecurity Program
Your program will be unique to your organization and designed to execute security initiatives while achieving business objectives. Pratum’s vCISO team develops security programs by utilizing a combination of cybersecurity services, including the following.
Cybersecurity Program (500.02)
Pratum will establish and maintain a cybersecurity program based on a periodic risk assessment and designed to protect the confidentiality, integrity and availability of Information Systems. vCISO will assist with the implementation of policies and procedures that are designed to detect and respond to cybersecurity events, recover and restore operations and services due to the impact of cybersecurity events, and fulfill applicable regulatory reporting obligations.
Risk Assessment (500.09)
As an integral part of NYDFS' Cybersecurity Requirements, the risk assessment must be performed before beginning the development of the cybersecurity program. Pratum's vCISO will perform the risk assessment of Information Systems. The knowledge gained through a risk assessment helps guide an organization in making rational decisions to improve security posture and aligning risk with acceptable tolerance levels.
Cybersecurity Policy (500.03)
Proper policy development and implementation provides employees with the knowledge they need to protect your organization against cyber-attacks. Policies must be designed to support risk management goals while maintaining business operations. Pratum’s risk assessment process involves one-on-one interaction with business leaders, allowing our consultants to fully understand your needs and draft your policies in a manner that will support your objectives.
Penetration Testing and Vulnerability Assessments (500.05)
As part of the vCISO Security Program, Pratum will conduct annual Penetration Testing of vulnerable Information Systems identified in the annual risk assessment. Along with this testing, Pratum can conduct bi-annual vulnerability assessments, including any systematic scans or reviews of information systems.
Audit Trail (500.06)
Pratum’s IT audits are conducted using common security controls, frameworks and industry best practices. These audits provide insight into potential gaps in processes and procedures in technology environments. Pratum’s consultants provide expert opinions on how effectively controls are designed and how efficiently they are working. With this information, organizations are able to make changes to their administrative, physical and technical controls to better meet business goals while reducing risk.
Training and Monitoring (500.14)
Pratum offers live on-site security awareness and training sessions, recorded training videos and digital training collateral. The sessions cover topics that have been adjusted in collaboration with your organization to provide content specific to the company’s unique security needs.
Pratum's Managed SIEM provides security expertise and a holistic view into network activity. Businesses are able to simplify log monitoring and management by relying on Pratum's security operations center (SOC) to deliver a managed security service that provides continuous data analysis, threat intelligence, and security incident reporting.
Incident Response Plan (500.16)
Cybersecurity incidents occur regularly. At one time or another every organization will be victim to a cyber-attack. It is how organizations plan for and react to these attacks that makes the difference. Building a solid incident response infrastructure, which includes response and remediation plans, training, communications, and management direction, will prepare your organization for all levels of security incidents.