Articles by tag "risk-assessment"

A big misunderstanding we see every day when working with clients is that security can be ensured by buying a device, or implementing a software, or changing one small thing. However, security is an ongoing process- it's an attitude. With constant threats emerging, IT security governance is imperative. Our VP of Compliance dedicates this edition to fully understanding IT Security Governance! 

"DFS"

Last month, many New York State Financial Institutions received their scary “Failure to File Certification of Compliance” email and were perplexed by what to do next… Don’t fear, the Digital Edge's VP of Compliance is here to answer your many many submitted questions regarding NYS Department of Financial Services Part 500 Mandatory Cybersecurity Requirements! These are the questions for this month:

• I thought I was exempt and now I’m being notified that I’m PAST DUE, what do I do next?
• Where do I find a sample Certificate of Compliance? Do I have to create my own?
• What does Entity ID mean on the portal?
• Should I file this certificate if we are not yet in compliance with all applicable requirements of Part 500?
• This law requires me to report any cyber-security breach, is there a particular time frame?
• Are all Third-Party Service Providers required to implement Multi-Factor Authentication and encryption when dealing with a Covered Entity?
• What constitutes "continuous monitoring" for purposes of 23 NYCRR 500.05?