“So if we get in compliance with these requirements, we’re safe, right?”
The answer is no. Not really.
The IRS has recently issued a regulation in response to the large number of data breaches surrounding taxpayers data. It lays out the basic necessary actions needed to take to protect your data.
by: Michael Petrov
By: Michael Petrov
Vendor Management Requirements in CyberSecurity Standards
Are you in control of third-party risk? Do you have a sound vendor management department? Do you audit your suppliers?
The New York State Department of Financial Services’ (DFS) mandatory cybersecurity requirements for financial services entities became effective on March 1st, 2017, with a two-year implementation period. The regulation requires all DFS regulated entities, subject to certain exemptions, to adopt the core requirements of a cybersecurity program. The final effective date for the regulation will be March 1, 2019, by which time, under section 500.11, DFS regulated entities are required to have written policies and procedures that are based on a risk assessment to ensure the security of nonpublic information and information systems that are accessed or held by third party service providers.
DFS has come out with the dates all regulated entities and licensed persons must files various notices to the Superintendent. The final one being next month, February 15th 2019.
IT Compliance vs. IT Security : “What’s the difference?”
It is without a doubt that 2018 has become the year of IT Compliance. With so many new laws becoming effective, including EU’S GDPR, California’s Data Privacy Law, and Canada’s PIPEDA, the line between security and compliance may seem easily blurred for IT professionals. So, the question becomes: How do we produce a comprehensive security program, while ensuring that we meet compliance obligations? However, there is one problem that surfaces repeatedly, regardless of which regulatory standard (e.g., PCI, HIPAA, etc.) your company must meet, and that is failing to understand the difference between compliance and security. Sometimes organizations think that these are one and the same to the point that they become so consumed by complicated regulations that they stop focusing on security altogether. This month's edition of Ask Our VP of Compliance will address the differences between IT Compliance and IT Security:
Marriott International, a large American hotel chain, recently has had one of the largest breaches in history. This breach may have been prevented with a proper implementation of a cybersecurity system. Cybersecurity defenses protect against major attacks, ensuring no data loss. Implementing a cybersecurity system isn’t free, but the price of handling an attack is much greater.