23 NYCRR 500 - What You Need to Know

Financial institutions & services are the main targets for hackers these days, and it's becoming more of a problem year after year. With the increasing occurrence of cybersecurity attacks, new regulation proposals are in the works (23 NYCRR 500 compliance). The regulation requires all financial institutions and services in NY to attest to their cybersecurity preventative measures in the form of a report known as a Certification of Compliance. The objective of this regulation is to protect the private and sensitive data of consumers from malicious individuals who can use it in harmful ways, such as holding the information for ransom (a ransomware attack) or using the sensitive data to commit an offense, for example securities scams or funding a terrorist organization. However, some entities don't have to abide by these regulations, for example entities with fewer than ten workers, including independent contractors.

23 NYCRR 500 compliance has many requirements that financial institutions in NY should abide by. Here are some of the major requirements:

Set up a cybersecurity program
The program should include guidelines for how the entity will spot cybersecurity events, detect risks, and implement the policies and procedures that thwart unauthorized access to company and consumer data.

Appoint a CISO (Chief Information Security Officer)
Regulated financial entities should appoint a Chief Information Security Officer who'll be accountable for implementing the cybersecurity program, enforcing its guidelines, and supervising the program. The officer should report critical information, such as a summary of cybersecurity events, identified cyber vulnerabilities, and information systems privacy evaluations, to the board a minimum of two times a year.

Set up 3rd-party specific guidelines
It is critical for covered entities to prepare guidelines that are specific to compliance procedures for 3rd parties, such as affiliates or vendors.

Training
Ransomware and DDoS attacks are an increasing cause of concern for businesses, both large and small. This is why training employees is a critical part of the compliance regulation, particularly since research shows that the majority of cyber breaches can be attributed to workers and third parties who have access to company and consumer data. Hence, training is an essential component of the requirements of 23 NYCRR 500.

Compciti Business Solutions Inc.
261 West 35th Street, Suite 603, New York, NY 10001
Phone: (212) 594-4374
Fax: (212) 594-6714
https://compciti.com/contact/