Cybersecurity, Exercises and Financial Services

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. This notice requirement explicitly applies to cybersecurity incidents occurring to the covered entity itself, its affiliates, or a third-party service provider.

Financial Services

Financial Services Cybersecurity Compliance Government

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. The proposed amendments revise several aspects of the draft Cybersecurity Rule amendments released on July 29, 2022. Cybersecurity Plan.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”).

Financial Services

Financial Services Cybersecurity Risk Passwords

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

Other government agencies, like the New York Department of Financial Services and the Federal Trade Commission, are also increasingly focused on the need for broad implementation of MFA. Like an incident response plan, MFA has become a critical element of cybersecurity programs.

Cybersecurity

Cybersecurity Financial Services Authentication Government

New York hospitals have new cybersecurity requirements

Data Protection Report

OCTOBER 23, 2024

On October 2, 2024, the New York State Department of Health (DOH) published a new cybersecurity regulation (10 NYCRR 405.46) for all general hospitals licensed pursuant to article 28 of the Public Health Law. The 72-hour notification requirement is similar to the NYDFS regulation.

Cybersecurity

Cybersecurity Risk Access Financial Services

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

NOVEMBER 14, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period. Notice of Cybersecurity Event. NYDFS had issued a “pre-proposed” version of the changes in July of this year, which we had summarized here.

Cybersecurity

Cybersecurity Passwords Risk Compliance

ICYMI – Late December in privacy and cybersecurity

Data Protection Report

JANUARY 30, 2023

the country in which Processing occurs e. the identity of Affiliates, Processors, or Third-Parties Personal Data is shared with f. methods by which Consumers can exercise their Data Rights request; or g. Processing purposes.

Privacy

Privacy Cybersecurity Personal data Insurance

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

AUGUST 11, 2022

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500. Cybersecurity Risk Assessments.

Cybersecurity

Cybersecurity Risk Passwords Compliance

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

HL Chronicle of Data Protection

MARCH 16, 2020

On Tuesday, 3 March 2020, we welcomed our financial services clients in London to a lively panel event, which covered the multitude of issues which arise in a cybersecurity incident. Lessons learnt from tabletop exercises and from actual incidents can then be incorporated into the incident response plan. Peter Marta.

Cybersecurity

Cybersecurity Financial Services Risk Insurance

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

Cybersecurity: Managing Risks With Third Party Companies

Cyber Info Veritas

JULY 19, 2018

This is according to a recent survey conducted by Soha Systems, and according to one of the speeches delivered by the Superintendent of the New York State Department of Financial Services, Mr. Benjamin Lawsky, “ A company’s cybersecurity is only as strong as the cybersecurity of its third-party vendors ”.

Risk

Risk Cybersecurity Compliance Data breaches

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

You’re Invited to an In-Person Event: CCPAnow: Understanding the Challenge Ahead and What You Should Be Doing Now

HL Chronicle of Data Protection

APRIL 1, 2019

Join members of the Hogan Lovells Privacy and Cybersecurity team for our CCPA now program, a valuable opportunity to explore the questions that you need to address now in order to be ready. How will the financial incentives and anti-discrimination provisions actually work when consumers exercise their rights?

Sales

Sales Financial Services Privacy Compliance

Rock the Blockchain: Thales and DigiCert Secure the Data

Thales Cloud Protection & Licensing

SEPTEMBER 15, 2021

It’s not hard to understand why companies are exercising diligence when selecting a data protection solution. A number of their industry partners, including IBM, Oracle, financial service providers, and others, use Hyperledger Fabric. The needs are loud and clear: make it automated, and straightforward.

Blockchain

Blockchain Security Authentication Compliance

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Data Protection Report

APRIL 9, 2024

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) published a Notice of Proposed Rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which imposes new reporting requirements for entities operating in critical infrastructure sectors.

Ransomware

Ransomware Agriculture Cybersecurity Government

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs data access requests. In the U.S., Be one step ahead.

Privacy

Privacy GDPR Data breaches Risk

“Am I a CII operator?” – New regulation in China provides more clarity

Data Protection Report

AUGUST 18, 2021

In addition, some companies have received an official notice that it is a CII, but we expect more to come so companies operating in sensitive or highly regulated sectors like energy, financial services, and telecoms should be aware that the issuance of a notice still remains a possibility.

Financial Services

Financial Services Data collection Security Communications

SEC Requests Comment on Regulation of Information Providers Under the U.S. Investment Advisers Act

Data Matters

JUNE 24, 2022

The definition generally includes three elements for determining whether a person is an investment adviser: (i) The person provides advice, or issues analyses or reports, concerning securities; (ii) the person is in the business of providing such services; and (iii) the person provides such services for compensation. 2, 1987).

Marketing

Marketing Financial Services Security Analytics

Living in a data sovereign world

IBM Big Data Hub

OCTOBER 16, 2023

The focus is on the ability to exercise control, make decisions and enforce legal and regulatory obligations related to the data, regardless of its physical location. Data sovereignty can increase cybersecurity risks, particularly if data is stored in a single location or jurisdiction.

Cloud

Cloud Compliance Data Privacy Privacy

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs data access requests. In the U.S., Be one step ahead.

Privacy

Privacy GDPR Data breaches Risk

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

ForAllSecure

APRIL 19, 2023

Michael Coden, Associate Director, Cybersecurity, MIT Sloan, along with Michael Stonebreaker will present this novel concept at RSAC 2023. I'm currently associate director and co founder of MIT cybersecurity Research Consortium, which is called cybersecurity. I was the head of the cybersecurity practice.

Analytics

Analytics Communications Computer and Electronics IT

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

Data Matters

MAY 17, 2022

Statement by President Biden on our Nation’s Cybersecurity (March 21, 2022). Defense Information Technology , Cybersecurity & Infrastructure Sec. In response, the Biden Administration has made cybersecurity defense a key agenda item. Strengthening American Cybersecurity Act of 2022, S. Agency (Feb. 14,028, 86 Fed.

Cybersecurity

Cybersecurity Government Authentication Ransomware

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

Duff: What MITRE does is provide usually high level understanding to our government customers on problems that they face, and that can range anything from work we do with the FAA to work we do with the NCC OE so the National Cybersecurity Center of Excellence, which is operated by NIST, a variety of programs in between.

Government

Government IT Access Analytics

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

Duff: What MITRE does is provide usually high level understanding to our government customers on problems that they face, and that can range anything from work we do with the FAA to work we do with the NCC OE so the National Cybersecurity Center of Excellence, which is operated by NIST, a variety of programs in between.

Government

Government IT Access Analytics

Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Webinars

Trending Sources

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Webinars

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

New York hospitals have new cybersecurity requirements

NYDFS proposes significant cybersecurity regulation amendments

ICYMI – Late December in privacy and cybersecurity

NYDFS proposes significant cybersecurity regulation amendments

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Cybersecurity: Managing Risks With Third Party Companies

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

You’re Invited to an In-Person Event: CCPAnow: Understanding the Challenge Ahead and What You Should Be Doing Now

Rock the Blockchain: Thales and DigiCert Secure the Data

CISA issues proposed rules for cyber incident reporting in critical infrastructure

The Privacy Officers’ New Year’s Resolutions

“Am I a CII operator?” – New regulation in China provides more clarity

SEC Requests Comment on Regulation of Information Providers Under the U.S. Investment Advisers Act

Living in a data sovereign world

The Privacy Officers’ New Year’s Resolutions

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

The Hacker Mind: MITRE ATT&CK Evaluations

The Hacker Mind: MITRE ATT&CK Evaluations

Stay Connected