CyberCompass™ now includes the NYDFS security risk assessment required of all New York financial entities. The NYDFS Cybersecurity Regulation (23 NYCRR 500) is “designed to promote the protection of customer information as well as the information technology systems of regulated entities”. This regulation requires each company to conduct a risk assessment and then implement a program with security controls for detecting and responding to cyber events.
The NYDFS has supervisory power over banks, insurance companies, and other financial service companies. More specifically, they supervise the following covered entities:
- Credit Unions
- Health Insurers
- Investment Companies
- Licensed Lenders
- Life Insurance Companies
- Mortgage Brokers
- Savings and Loans Associations
- Private Bankers
- Offices of Foreign Banks
- Commercial Banks
Some entities are exempt from having to meet the regulations.
NYDFS requires entities to complete the following:
- NYDFS security risk assessment
- Audit Trail including updated policy and procedures
- Incident Response Plan
A faster way for your NYDFS security risk assessment
CyberCompass™ automates the numerous steps of completing a risk assessment with its on-demand, cloud-based software, so a NYDFS security risk assessment can be completed in 70% less time. Its unique feature is that it goes beyond technology for information security and adds people, process and vendor compliance. CyberCompass™ also offers HIPAA, GDPR, and CIS-20 assessments, so financial institutions affected by NYDFS can complete multiple assessments with one tool in less time.
“We expect what is happening in New York to happen across the country,” stated Robert Felps, CEO. “We have engineered CyberCompass to help companies meet regulations faster and require less work hours through built-in expertise and automated workflow.”
| Steps necessary to complete Security Risk Assessments | How CyberCompass™ automates workflow to complete a security risk assessment with its built-in expertise |
| --- | --- |
| 1. Identify threats and vulnerabilities | By answering our online, on-demand risk assessment survey. The questions have been specifically tailored and written in simple language to meet the NYDFS regulations, and they combine our cyber security risk expertise to assess your employees, processes, technologies and vendors. |
| 2. Qualify the extent of the risk | By answering our online, on-demand risk assessment survey. The questions have been specifically tailored and written in simple language to meet the NYDFS regulations, and they combine our cyber security risk expertise to assess your employees, processes, technologies and vendors. |
| 3. Mitigate the risks to reduce them to an agreed and acceptable level | CyberCompass™ automatically provides the corrective actions with a step-by-step guide that helps you ‘terminate’ the risk by eliminating it entirely, ‘treat’ the risk by applying security controls, ‘transfer’ the risk to a third party, or ‘tolerate’ the risk. |
| 4. Update policies and procedures | CyberCompass™ has a built-in template to provide you a complete set of policies and procedures. |
| 5. Create incident response plan | A unique feature: only CyberCompass™ can create the required incident response plan. |
| 6. Review, monitor and audit | Utilizing the CyberCompass™ software subscription and built-in notifications, CyberCompass™ empowers you to manage cyber risk in one place across the entire organization. |
To learn more about all of the requirements for NYDFS Reg 500, visit our page. Whether you need a complete security program or just to supplement what you’re missing, we have a package that can work for you.