NYDFS Cybersecurity Requirements for Financial Institutions

We Help with NYDFS Cybersecurity Regulations

Achieve NYDFS Cybersecurity Requirements with Pratum's vCISO Security Service.

Pratum's Virtual CISO (vCISO) is your designated CISO (500.04) to oversee and implement your NYDFS cybersecurity program. Pratum's vCISO is a unique security service that delivers expert security leadership, insight, and support while functioning as an extension of your business. Your organization will be assigned a trusted information security consultant, along with a team of analysts and advisors (500.10), who will help lead your cybersecurity program.

We begin to establish your NYDFS cybersecurity program by first getting to know your organization and understanding your business objectives. From there, a plan is developed that aligns with your security needs and requirements.


On March 1, 2017, the New York Department of Financial Services (DFS) issued a regulation designed to promote the protection of customer information as well as the information technology systems of regulated entities. This regulation requires each regulated entity to assess its specific risk profile and design a program that addresses its risks in a robust fashion.

Pratum is ready to help businesses understand their cybersecurity requirements and become compliant.

Developing Your Cybersecurity Program

Your program will be unique to your organization and designed to execute security initiatives while achieving business objectives. Pratum’s vCISO team develops security programs by utilizing a combination of cybersecurity services, including the following.

Cybersecurity Program (500.02)

Pratum will establish and maintain a cybersecurity program based on a periodic risk assessment and designed to protect the confidentiality, integrity and availability of Information Systems. The vCISO will assist with the implementation of policies and procedures designed to detect and respond to cybersecurity events, recover from those events and restore normal operations and services, and fulfill applicable regulatory reporting obligations.

Cybersecurity Policy (500.03)

Proper policy development and implementation provides employees with the knowledge they need to protect your organization against cyber-attacks. Policies must be designed to support risk management goals while maintaining business operations. Pratum’s risk assessment process involves one-on-one interaction with business leaders, allowing our consultants to fully understand your needs and draft your policies in a manner that will support your objectives.

Penetration Testing and Vulnerability Assessments (500.05)

As part of the vCISO Security Program, Pratum will conduct annual Penetration Testing of vulnerable Information Systems identified in the annual risk assessment. Along with this testing, Pratum can conduct bi-annual vulnerability assessments, including any systematic scans or reviews of information systems.

Risk Assessment (500.09)

As an integral part of NYDFS' Cybersecurity Requirements, the risk assessment must be performed before development of the cybersecurity program begins. Pratum's vCISO will perform the risk assessment of Information Systems. The knowledge gained through a risk assessment helps guide an organization in making rational decisions to improve its security posture and align risk with acceptable tolerance levels.

Training and Monitoring (500.14)

Pratum offers live on-site security awareness and training sessions, recorded training videos and digital training collateral. The sessions cover topics that have been adjusted in collaboration with your organization to provide content specific to the company’s unique security needs.

Pratum's Managed XDR provides security expertise and a holistic view into network activity. Businesses are able to simplify log monitoring and management by relying on Pratum's security operations center (SOC) to deliver a managed security service that provides continuous data analysis, threat intelligence, and security incident reporting.

Incident Response Plan (500.16)

Cybersecurity incidents occur regularly. At one time or another, every organization will fall victim to a cyber-attack. It is how organizations plan for and react to these attacks that makes the difference. Building a solid incident response infrastructure, which includes response and remediation plans, training, communications, and management direction, will prepare your organization for all levels of security incidents.

Pratum has always been helpful in working with our team as a consult as well as an educator in the ever-changing world of information security.

Certifications held by Pratum’s vCISO consultants and analysts.

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Payment Card Industry Internal Security Assessor (PCI ISA)
  • Certified Ethical Hacker (C|EH)
  • Offensive Security Certified Professional (OSCP)
  • GIAC Certified Intrusion Analyst (GCIA)
