icon

Articles by tag "compliance"

5/22/2018 Compliance

Digital Edge Green Policy

Author: Danielle Johnsen (VP of Compliance)
Date: 22 May 2018
Version: 2.4

This document defines Digital Edge’s Green Policy.

5/22/2018 Compliance

Are You Ready for GDPR on May 25th?

Digital Edge is always working to stay compliant, which helps make compliance easier for your business.

5/17/2018 Compliance

Risk Driven Information Technology Organization

Or one may say Compliance Driven IT organization. As in the core of any today’s compliance lays Risk Management.

This article explains how to setup Risk Management practices for Cyber Security management. When it comes to Cyber Securty it's best to prepare for the worst-case scenario. It'll guide you on how to find ways to identify threats, face them and prepare to defend your business as well as give you templates to download to start your own risk management practice!

"The best garison is not the one that has lots of weapons but the one who has lot training."  

-M. Petrov CEO

 

5/11/2018 Compliance

Ask Our VP of Compliance: April 2018

"DFS"

Last month, many New York State Financial Institutions received their scary “Failure to File Certification of Compliance” email and were perplexed by what to do next… Don’t fear, the Digital Edge's VP of Compliance is here to answer your many many submitted questions regarding NYS Department of Financial Services Part 500 Mandatory Cybersecurity Requirements! These are the questions for this month:

2/12/2018 Newsletters

DFS - Certification of Compliance - Due 2/15/2018!

New York State Department of Financial Services recently updated its web page to indicate that any covered entities (i.e., agencies, insurance agents or insurance brokers) that already submitted their Certification of Compliance, needs to do so again after Monday, Jan. 1, 2018. 

According to the department, "The Certification of Compliance certifies that a Covered Entity complied with 23 NYCRR 500 for the entire calendar year. As such, the department only expects to receive a Certification of Compliance between January 1 and the February 15 deadline for the previous calendar year. Unless a Covered Entity is ceasing department-authorized operations before that year end, a Certification of Compliance before year end will not satisfy the requirement that a Covered Entity certify its compliance as of year-end."

The NYDFS Cyber Security Regulation (23NYCRR500) requires all New York-licensed insurance agencies, agents and brokers to file a certification of compliance, prior to Thursday, Feb. 15, 2018, and annually thereafter. The certification confirms that the licensed entity has complied with the regulation to the extent required, which includes conducting a risk assessment and developing cybersecurity programs and policies based upon that risk assessment. 

Digital Edge is an expert in ISO standards, is certified by International Standard Organization on Information Security and Quality (ISO 27001). There is a clear crosswalk between DFS law and ISO standards. Digital Edge will help to implement policies, standards and practices to cover all DFS requirements based on International Standards Organization framework.

Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on Stability, Security, Efficiency and Compliance

For more information on this regulation and to ensure that your organization is following the critical compliance requirements, please read our most recent articles:

  1. DFS Compliance – Mandatory Cybersecurity Requirements
  2. To Do: Check List to Comply with DFS Cybersecurity Law
  3. Discover the NEW online DFS Cybersecurity Reporting Portal
  4. Exempt from DFS Cybersecurity Regulations – Now What?
1/26/2018 Newsletters

Is Your Cybersecurity Infrastructure in Compliance?

In March of 2017, the New York State Department of Financial Services’ (DFS) issued its “Part 500” - Mandatory Cybersecurity Requirements for financial services entities. Thus, requiring banks, insurers, and other financial institutions to establish and maintain a “risk-based, holistic, and robust security program” that is ultimately designed to protect consumers’ private data. Partial exemptions are provided for covered entities based on their staffing level, annual revenue, or total assets

The initial deadline for submitting an annual Certification of Compliance on February 15, 2018 is rapidly approaching, and all organizations are required to comply with DFS Part 500 Section 9, Risk Assessment by March 1, 2018

Digital Edge is an expert in ISO standards, is certified by International Standard Organization on Information Security and Quality (ISO 27001). There is a clear crosswalk between DFS law and ISO standards. Digital Edge will help to implement policies, standards and practices to cover all DFS requirements based on International Standards Organization framework.
 
Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on Stability, Security, Efficiency and Compliance

For more information on this regulation and to ensure that your organization is following the critical compliance requirements, please read our most recent articles:

  1. DFS Compliance – Mandatory Cybersecurity Requirements
  2. To Do: Check List to Comply with DFS Cybersecurity Law
  3. Discover the NEW online DFS Cybersecurity Reporting Portal
  4. Exempt from DFS Cybersecurity Regulations – Now What?
11/30/2017 Newsletters

Digital Edge’s Managed Security – response to HIDDEN COBRA- North Korean Remote Administration Tool: FALLCHILL

The Digital Edge Security Team warns that HIDDEN COBRA actors have been using FALLCHILL malware to target IT infrastructures. DHS and FBI specified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by the North Korean government—commonly known as FALLCHILL. The U.S. Government refers to malicious cyber activity by North Korea as HIDDEN COBRA. 

HIDDEN COBRA uses dual proxy technique allowing to change vector of the attack and keep the source of the attack hidden.
 
These types of activities can have severe impacts such as data loss and disruption of operation. The Digital Edge Security Team has updated its own core infrastructure to protect our clients from possible impacts of HIDDEN COBRA and advise other IT organization to use the same practice. 

Click here for more details.

8/13/2017 Newsletters

Penetration testing. Helping clients to secure their infrastructures

Recently Digital Edge security team receives lots of requirements for an external penetration testing. We help our clients to achieve their goals. Our team would not just scan networks. We would work with our clients to resolve security concerns. We do not limit clients on number of runs to make sure that all the issues are resolved and scan comes clean. Below is a testimonail from one of our happy client.
 
“Digital Edge was a referral from a colleague in the ASCII Group professional IT consultants network.  I had a client that needed to comply with downstream vendor security requirements.  Having an independent security consultant audit my client was just what we needed.  They provided a detailed report of issues and more importantly how to fix them.  I highly recommend the Digital Edge security team to decision makers that need professional security analysis for their organizations.”
 
Brian Wheeler, Owner
Resolve Technology
 
Digital Edge security team will continue to work with IT groups to assist in ensuring safty for IT infrastructures.
 
8/4/2017 Newsletters

Discover the NEW online DFS Cybersecurity Reporting Portal

On July 31, 2017, the Department of Financial Services (DFS) has launched a new online portal to securely transmit in real time all notifications required under New York’s first-in-the-nation cybersecurity regulation. If you need assistance with registration or with any or all components of this cybersecurity framework, the Digital Edge team is available to meet your compliance needs! 

“With DFS’s leading cybersecurity regulation, the DFS cyber portal will allow New York’s financial institutions to quickly, easily, and securely report cybersecurity events and file required certifications of compliance, ensuring that the necessary safeguards are in place to protect New York consumers and financial institutions as the threat of cyber-attacks continues to increase.” - Superintendent Maria Vullo, Department of Financial Services

Filings made through the DFS Web Portal are preferred to alternative filing mechanisms as the DFS Web Portal provides a paperless reporting tool to facilitate compliance with the DFS cybersecurity regulation. Learn more about the New only DFS Cybersecurity Reporting Portal here.

Let the Digital Edge Cyber Security Team ease the burden of implementing the robust NYDFS Cybersecurity Regulation. Contact our Sales Team for your free assessment and align yourself with DFS compliance today

7/17/2017 White Papers

To Do: Check List to Comply with DFS Cybersecurity Law

It is critical for all regulated institutions that have not yet done so to move swiftly and urgently to adopt a cybersecurity program and for all regulated entities to be subject to minimum standards with respect to their programs.

The law will produce large penalties if your company is found not in compliance and Digital Edge’s Solution is here to help avoid those hefty fines.  

To Do List:

  1. Determine if you are regulated; to see how please click here.
  2. Determine if you are eligible for any of the 5 possible exemptions; to review the exceptions click here.
  3. If you are eligible for exemption, you must file the Cyber Security Notice of Exception by September 27, 2017. 
  4. Depending on your exemption category, you may still need to build a cyber security system. Click here to see how Digital Edge can help you. 
  5. By August 28, 2017, covered entities must be in compliance. 
  6. February 15, 2018, covered entities must submit first Certification of Compliance. 
     

Let's talk: 800-714-5143

Speak to a specialist