Articles by tag "cybersecurity"

Overview of the Federal Trade Commission in regards to cybersecurity:

• Does the US have federal cybersecurity laws that apply generally?
• What does the FTC require in a nutshell?
• How can I make sure my company is in compliance?

“HiTRUST: Burdensome, But Worth It if You Have the Resources”

For the past few months the challenges facing the country’s medical infrastructure has been all over the news. Mostly these issues have focused on medical supplies and capacity, but as with any organization the IT needs of these medical facilities are also of the utmost criticality.

Free Cybersecurity Strategies for the Homebound

Well, April is almost over, and most of us are still teleworking from home. Last month I discussed some basic requirements for working remotely, and given that the coronavirus pandemic is still very much affecting our working lives, I’ve decided that this month it would be good to build on some of the concepts introduced last month.

The importance of risk training. 

“So if we get in compliance with these requirements, we’re safe, right?”

The answer is no. Not really.

The IRS has recently issued a regulation in response to the large number of data breaches surrounding taxpayers data. It lays out the basic necessary actions needed to take to protect your data.

by: Michael Petrov

Vendor Management Requirements in CyberSecurity Standards

Are you in control of third-party risk? Do you have a sound vendor management department? Do you audit your suppliers?

The New York State Department of Financial Services’ (DFS) mandatory cybersecurity requirements for financial services entities became effective on March 1st, 2017, with a two-year implementation period. The regulation requires all DFS regulated entities, subject to certain exemptions, to adopt the core requirements of a cybersecurity program. The final effective date for the regulation will be March 1, 2019, by which time, under section 500.11, DFS regulated entities are required to have written policies and procedures that are based on a risk assessment to ensure the security of nonpublic information and information systems that are accessed or held by third party service providers. 

DFS has come out with the dates all regulated entities and licensed persons must files various notices to the Superintendent. The final one being next month, February 15th 2019.