NY setting precedent for cyber regulations in financial industry.
Information-Management.com reports the state of New York is taking the lead in developing serious cybersecurity regulations, with the financial industry its first target.
Effective March 1, the New York State Department of Financial Services (DFS) will require banks, insurance companies, and other DFS-regulated entities to establish a cybersecurity program that's designed to protect consumers and ensure the safety of the state's financial services industry.
The regulations will require the affected institutions to have a valid cybersecurity program in place that describes what information the organization has, who has access to it, and what is necessary to control and secure that data and its systems.
More specifically, the program must assess internal and external risks; use defensive policies to prevent unauthorized access and use; and detect, respond, recover, and report on any events. It also defines requirements for multi-factor authentication, data retention, encryption, and training and incident response.
The DFS is calling for a chief information security officer (CISO) to be responsible for implementing the program and for reporting its progress, and any cyber events that have occurred, to the governing board. The CISO must also ensure that third-party providers have equal controls and practices to ensure protection.
Bill Noonan, who wrote the article, believes these regulations are the first of many that will come to the individual states--regulations that will eventually reach beyond the financial industry.
|Publication:||Information Management Journal|
|Article Type:||Brief article|
|Date:||Mar 1, 2017|