All Articles

Author: Danielle Johnsen (VP of Compliance)
Date: 22 May 2018
Version: 2.4

This document defines Digital Edge’s Green Policy.

Digital Edge is always working to stay compliant, which helps make compliance easier for your business.

Author: Danielle Johnsen (VP of Compliance)
Date: 21 May 2018
Version: 1.1

This document defines Digital Edge’s policy on General Data Protection Regulation of European Union and is based and principles.

A small collage of the DE team throughout the years at our own events!

Or one may say Compliance Driven IT organization. As in the core of any today’s compliance lays Risk Management.

This article explains how to setup Risk Management practices for Cyber Security management. When it comes to Cyber Securty it's best to prepare for the worst-case scenario. It'll guide you on how to find ways to identify threats, face them and prepare to defend your business as well as give you templates to download to start your own risk management practice!

"The best garison is not the one that has lots of weapons but the one who has lot training."  

-M. Petrov CEO

We have a hard working team that devotes their time, energy and dedication to our clients, partners and projects. We couldn't be more proud of our crew in action!

"DFS"

Last month, many New York State Financial Institutions received their scary “Failure to File Certification of Compliance” email and were perplexed by what to do next… Don’t fear, the Digital Edge's VP of Compliance is here to answer your many many submitted questions regarding NYS Department of Financial Services Part 500 Mandatory Cybersecurity Requirements! These are the questions for this month:

• I thought I was exempt and now I’m being notified that I’m PAST DUE, what do I do next?
• Where do I find a sample Certificate of Compliance? Do I have to create my own?
• What does Entity ID mean on the portal?
• Should I file this certificate if we are not yet in compliance with all applicable requirements of Part 500?
• This law requires me to report any cyber-security breach, is there a particular time frame?
• Are all Third-Party Service Providers required to implement Multi-Factor Authentication and encryption when dealing with a Covered Entity?
• What constitutes "continuous monitoring" for purposes of 23 NYCRR 500.05?

Have you noticed that the most recent reports of email scams seem to be more personal/targeted attacks? Do you feel that scammers know you? That’s because they do know you.Office 365 gives malicious agents a way to spy on you. If you don’t believe us, just google it yourself and you will see reports of Office365 vulnerabilities, hacks and exposures. Just type “Office365 security vulnerabilities” and skip paid ads section. 
 
Do you use Office365? If the answer is yes, Digital Edge would like to raise awareness to you regarding a new upcoming way of being hacked and then being under surveillance through your email. The majority of people use Office365 without the thought of being hacked ever crossing their minds. Because of this, it is very easy to become victim to these attackers. And there have been very serious, very extreme cases of people and companies losing thousands of dollars to these attackers.

This past weekend (March 3-4th) Digital Edge passed another ISO 27001:2013 Information Technology Security Management System Requirements surveillance audit!  Our ISO Certification is up to date with no interruptions or non-conformities! We would like to thank our staff and support for dedicating their time in getting certified. Digital Edge is an expert in ISO standards, we offer assistance in ISO Certification for companies that need to stay in compliance. 

The Digital Edge Security and Compliance Team can assist your business to implement policies, standards and practices based on International Standards Organization framework! Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on Stability, Security, Efficiency and Compliance.

Last Wednesday, February 21st, The U.S. Securities and Exchange Commission (SEC) unanimously approved a new guidance calling on public companies to be more forthcoming when disclosing cybersecurity risks, even before a breach or attack happens. The statement, which expands on previous guidance issued in 2011, also warns that corporate insiders must not trade shares when they have information about cybersecurity issues that isn’t public yet. The guidance provides the Commission’s views about public companies’ disclosure obligations under existing law with respect to matters involving cybersecurity risk and incidents.  It also addresses the importance of cybersecurity policies and procedures and the application of disclosure controls and procedures, insider trading prohibitions, and Regulation FD and selective disclosure prohibitions in the cybersecurity context. Learn more about this guidelines here! 

Digital Edge is an expert in ISO standards, and is certified by International Standard Organization on Information Security and Quality (ISO 27001). The Digital Edge Security and Compliance Team can assist your business to implement policies, standards and practices that not only meet the SEC guidance but exceed these recommendations by providing clients with cybersecurity policies and procedures based on International Standards Organization framework.

Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on Stability, Security, Efficiency and Compliance.