There's been so much to blog about that I ended up holding on to a story from SC Magazine that is worth reading. New York's cybersecurity regulations became effective on March 1st – these are the country's first state-mandated cybersecurity regulations regarding banking and financial services.
The regulation adapts industry best practices – such as guidelines issued by the Securities and Exchange Commission and Financial Industry Regulatory Authority (FINRA) – and contains 23 sections calling for such things as encryption of all non-public information, appointing a CISO, employee training in security, enhanced multifactor authentication and the yearly submission by a senior officer of a certification affirming that the company is in compliance with the regulation's requirements.
Key elements of New York State's cybersecurity regulation include:
- Establishment of a cybersecurity program
- Adoption of a written cybersecurity policy
- Mandatory chief information security officer
- Cybersecurity training for employees
- Third-party service provider risk
- Incident monitoring and reporting
- Information security audits
Under the new regulations, banks are now required to scrutinize their suppliers, and to report on breaches that affect them, Balázs Scheidler, CTO and co-founder of Balabit, told SC Media.
I am not sure how much of New York's new law is different from current federal regulations – colleagues have told me there isn't much here that isn't in the federal laws and regulations. Nonetheless, it will be interesting to see if other states move to enact similar laws.