23 NYCRR 500 Cybersecurity Regulation
Cybersecurity vulnerabilities are a constantly growing concern, and it’s increasingly important for organizations to adopt formalized cybersecurity programs. Compromised information, whether in the hands of organized crime or rogue individuals, can seriously impact the security of employees, the company, and most importantly, customers. This growing threat presents a double challenge for organizations, which must manage both the threat itself and ensure compliance with New York cybersecurity regulations, including 23 NYCRR 500.
What is 23 NYCRR 500?
23 NYCRR 500 is a cybersecurity regulation passed by the New York State Department of Financial Services (DFS) in early 2017. According to their website, the purpose of the NYDFS cybersecurity regulations is to “promote the protection of customer information as well as the information technology systems of related entities.”
The New York cybersecurity regulations are applicable to all companies under NYDFS supervision, including state-chartered banks, charitable foundations, credit unions, insurance companies, etc.
To follow the NYDFS cybersecurity regulations, companies are now required to “assess its specific risk profile and design a program that addresses its risks in a robust fashion.” Additionally, senior management must “be responsible for the organization’s cybersecurity program and file an annual certification confirming compliance with this regulation.”
Specific 23 NYCRR 500 cybersecurity requirements include (but are not limited to):
- Risk assessments to inform the program’s design
- Identification and assessment of external cybersecurity risks
- Controls, policies, and procedures for mitigating those risks
- Fulfillment of regulatory reporting requirements
The LogicManager Platform Provides:
LogicManager provides all customers with prebuilt, configurable risk and readiness libraries. The readiness library breaks regulations into specific requirements, making it easy to determine which are fulfilled by your current processes and which require additional attention to ensure you meet all cybersecurity requirements for financial services companies.
For each of the New York cybersecurity regulations and requirements, indicate whether it has been fulfilled or not, provide a summary of associated processes, and pull in specific mitigation activities already catalogued in the system. New York cybersecurity requirements that are not met can then be assigned to the individuals/groups that are best equipped to handle them.
By breaking both 23 NYCRR 500 and internal policies into manageable components, then assigning accountability to the most appropriate parts of your organization, LogicManager simplifies the compliance process. Cybersecurity requirements for financial services companies are constantly changing, and policies serve no benefit unless you are able to operationalize them quickly and efficiently.
Other capabilities include:
- Risk library. Our customizable risk library, broken into five main root-cause categories, is the foundation of risk assessments, a staple of effective risk management. Utilize our 23 NYCRR 500 risk assessment to ensure compliance.
- Change management capabilities. Receive automatic notifications when any NYDFS regulations are amended to ensure 23 NYCRR 500 compliance.
- Internal alerts. Schedule notifications and email-integrated tasks for assessments, tests, and surveys.
- Integration. LDAP, SSO technology, API integration, and data upload functionalities.
- Robust reporting capabilities. Create detailed, customizable risk reports and dashboards for both senior leadership and regulators like the Department of Financial Services.