Printer Friendly

NY setting precedent for cyber regulations in financial industry.

Information-Management.com reports the state of New York is taking the lead in developing serious cybersecurity regulations, with the financial industry its first target

Effective March 1, the New York State Department of Financial Services (DFS) will require banks, insurance companies, and other DFS-regulated entities to establish a cybersecurity program that's designed to protect consumers and ensure the safety of the state's financial services industry.

The regulations will require the affected institutions to have a valid cybersecurity program in place that describes what information the organization has, who has access to it, and what is necessary to control and secure that data and its systems.

More specifically, the program must assess internal and external risks; use defensive policies to prevent unauthorized access and use; and detect, respond, recover, and report on any events. It also defines requirements for multi-factor authentication, data retention, encryption, and training and incident response.

The DFS is calling for a chief information security officer (CISO) to be responsible for implementing the program and reporting to the governing board its progress and any cyber events that have occurred. The CISO must also ensure that third-party providers have equal controls and practices to ensure protection.

Bill Noonan, who wrote the article, believes these regulations are the first of many that will come to the individual states--regulations that will eventually reach beyond the financial industry.

COPYRIGHT 2017 Association of Records Managers & Administrators (ARMA)
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2017 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:CYBERSECURITY
Publication:Information Management Journal
Article Type:Brief article
Geographic Code:1USA
Date:Mar 1, 2017
Words:226
Previous Article:RIM can help organizations seize GDRP opportunities.
Next Article:Internet Titans will team to detect terrorist content.
Topics:

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters