Data, Exercises, Financial Services and Security

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. The new rules provide more details on how the senior governing body of the covered entity is expected to exercise oversight of its cybersecurity risk management.

Financial Services

Financial Services Cybersecurity Compliance Government

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Covered Entities must have a monitoring process that ensures prompt notification of any new security vulnerabilities. Cybersecurity Governance.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Ransomware Artificial Intelligence

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”). As part of the “training and monitoring” requirements under Section 500.14 Additional Requirements.

Financial Services

Financial Services Cybersecurity Risk Passwords

Why you should keep data observability separate from data cleansing

Collibra

MAY 16, 2022

As a principal for data quality, I enjoy taking time to work with our customer base. These organizations demonstrate perspectives and prioritization that show great promise in the industry of data. . For financial services, data governance found its roots in risk. Cyber Security.

Government

Government Risk Financial Services Access

Rock the Blockchain: Thales and DigiCert Secure the Data

Thales Cloud Protection & Licensing

SEPTEMBER 15, 2021

Rock the Blockchain: Thales and DigiCert Secure the Data. It’s a staggering statistic, but 39% of companies are still not using robust data security measures. billion data records were breached, quadrupling in 2020 to 36 billion globally. With risks so high, what is the hold up on implementing security?

Blockchain

Blockchain Security Authentication Compliance

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. Create, Maintain, and Exercise a Cyber Incident Response, Resilience, and Continuity of Operations Plan.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Deploying applications built in external CI through IBM Cloud DevSecOps

IBM Big Data Hub

OCTOBER 10, 2023

These attacks are even more detrimental in critical systems, which include IT infrastructure and financial services organizations. IBM Cloud for Financial Services This is where IBM Cloud for Financial Services shines—it helps clients to fill that gap by supporting innovation while guaranteeing security and compliance.

Cloud

Cloud Financial Services Compliance Risk

Living in a data sovereign world

IBM Big Data Hub

OCTOBER 16, 2023

As the world continues to become a globally connected ecosystem, data fluidity has sparked national and international conversations around notions of data and digital sovereignty. First, we must understand how data sovereignty came to be. What is data sovereignty?

Cloud

Cloud Compliance Data Privacy Privacy

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Data Protection Report

DECEMBER 17, 2020

On 25 November 2020, the European Commission ( EC ) published its proposed Data Governance Regulation (the DGR ), which will create a new legal framework to encourage the development of a European single market for data. What are the objectives of the Data Governance Regulation?

Government

Government Personal data Marketing Artificial Intelligence

New York hospitals have new cybersecurity requirements

Data Protection Report

OCTOBER 23, 2024

The regulation includes elements of both the Health Insurance Portability and Accountability Act (HIPAA) and the New York Department of Financial Services (NYDFS) cybersecurity regulation. The regulation also requires that the hospital’s cybersecurity policies address data governance and classification.

Cybersecurity

Cybersecurity Risk Access Financial Services

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Data Protector

JANUARY 29, 2017

We have 480 days to go before the General Data Protection Regulation is “in force”. And also, what standard of evidence is necessary to be generated, just in case privacy regulators exercise their Article 30(4) right to request it. Perhaps this will be a task for the Data Protection Board. And then what? I think not.

GDPR

GDPR Privacy Compliance Personal data

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

HL Chronicle of Data Protection

MARCH 16, 2020

On Tuesday, 3 March 2020, we welcomed our financial services clients in London to a lively panel event, which covered the multitude of issues which arise in a cybersecurity incident. The incident response plan should be tested in tabletop exercises involving the individuals and teams who would be involved in a real-world incident.

Cybersecurity

Cybersecurity Financial Services Risk Insurance

“Am I a CII operator?” – New regulation in China provides more clarity

Data Protection Report

AUGUST 18, 2021

China’s Cyber Security Law ( CSL ), enacted in 2016, requires operators of critical information infrastructure ( CII ) to follow a number of enhanced security obligations, including storing within China all personal information and important data collected or generated during their operations in China.

Financial Services

Financial Services Data collection Security Communications

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

Today, more than 120 countries have privacy and data protection laws or regulations in place. Many of the new or modernized laws tend to be based on comprehensive legislation, rather than sectoral rules, as data needs to move across industry groups and borders. An Overview of the BDPA.

Personal data

Personal data GDPR Data Privacy Privacy

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

2020 could well be a year of data export turmoil – so brace yourself! Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs.

Privacy

Privacy GDPR Data breaches Risk

Security in the finance sector: Whose role is it anyway?

CGI

OCTOBER 25, 2015

Security in the finance sector: Whose role is it anyway? Thomson Reuters was recently quoted as saying, “Increased regulation isn’t just a temporary challenge for global financial institutions—it’s the new reality.”. Finance service providers. Mon, 10/26/2015 - 01:33.

IT

IT Security Digital transformation Compliance

The Economy of Things: the next value lever for telcos

IBM Big Data Hub

JULY 11, 2023

These IoT connected devices form a critical backbone of data for industry. But what if those devices—and their data—are unlocked to autonomously share, monetize and transact on their own generated value? And what is the role telecommunications service providers play in enabling and scaling the EoT?

IoT

IoT Artificial Intelligence Agriculture Blockchain

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

DLA Piper Privacy Matters

MARCH 4, 2021

In its second full year overseeing and regulating the GDPR in Ireland, the Data Protection Commission ( DPC ) has published its 2020 Annual Report , highlighting key observations, emerging guidance, and large scale inquiries and decisions of 2020. Around 60% of the data breaches notified occurred in the private sector. Enforcement.

GDPR

GDPR Compliance Data breaches Marketing

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Data Protection Report

APRIL 9, 2024

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) published a Notice of Proposed Rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which imposes new reporting requirements for entities operating in critical infrastructure sectors.

Ransomware

Ransomware Agriculture Cybersecurity Government

SEC Requests Comment on Regulation of Information Providers Under the U.S. Investment Advisers Act

Data Matters

JUNE 24, 2022

Securities and Exchange Commission (Commission) issued a request for comment with respect to whether certain index, model, pricing, and other information providers should be regulated as investment advisers under the Investment Advisers Act of 1940. 17, 1995); Media General Financial Services, Inc. ,

Marketing

Marketing Financial Services Security Analytics

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

2020 could well be a year of data export turmoil – so brace yourself! Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs.

Privacy

Privacy GDPR Data breaches Risk

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

Major data breaches in recent years are spurring state legislators and regulators across the US into action. Of particular concern to state-level policymakers and enforcement authorities are business practices that in their view may contribute to security incidents. More states are sure to follow.

Insurance

Insurance Cybersecurity Data breaches Financial Services

Cybersecurity: Managing Risks With Third Party Companies

Cyber Info Veritas

JULY 19, 2018

Did you know that 63% of all data breaches are directly or indirectly linked to third party companies? Let us get started with how third-party data breach occurs. How Third Party Data Breach Takes Place If a hacker is targeting a large organization, they look for the gateway that will not be easily noticed.

Risk

Risk Cybersecurity Compliance Data breaches

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

AUGUST 11, 2022

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500.

Cybersecurity

Cybersecurity Risk Passwords Compliance

Mexico Issues Cookie and Web Beacon Rules and Privacy Notice Requirements

Hunton Privacy

FEBRUARY 12, 2013

On January 17, 2013, Mexico’s Ministry of Economy published its Lineamientos del Aviso de Privacidad (in Spanish) (“Privacy Notice Guidelines” or “Guidelines”), which it prepared in collaboration with the Mexican data protection authority. The Guidelines will take effect in mid-April. Cookies, Web Beacons and Similar Technology.

Privacy

Privacy Personal data Data collection Financial Services

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

ForAllSecure

APRIL 19, 2023

In the 1950s we started to get early operating systems, and these included supervisory programs that helped manage the data coming in and going back out. All kinds of security protections, different things. For security products today, all those endpoint detection systems take some time to filter through all the subsystems.

Analytics

Analytics Communications Computer and Electronics IT

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

Is there something more secure? Simon Moffatt from CyberHut joins The Hacker Mind to discuss how identity and access management (IAM) is fundamental to everything we do online today, and why even multi-factor access, while an improvement, needs to yield to more effortless and more secure passwordless technology that’s coming soon.

Passwords

Passwords Authentication Access Data breaches

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

Data Protection Report

NOVEMBER 3, 2017

As we have explained previously , at their most basic level, DDoS attacks work by sending a high volume of data from different locations to a particular server or set of servers. Because the servers can only handle a certain amount of data at a time, these attacks overwhelm the servers causing them to slow significantly or fail altogether.

IoT

IoT Communications Risk Passwords

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

Data Matters

MAY 17, 2022

It used to be that data breaches were all about cyber-crooks hacking computer systems to steal personal information, followed by an affected company sending regretful notification letters offering a year or two of complimentary credit monitoring. All rights reserved. and Allied cyberspace assets. supply chain attacks).

Cybersecurity

Cybersecurity Government Authentication Ransomware

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

AIIM

JANUARY 10, 2019

One of the most notable blockchain skeptics – David Gerard –argues that if “you were silly enough to put personal data into an append-only ledger which is a proof-of-work blockchain — that’d be flat-out insane.”. Both blockchain and GDPR are designed to “democratize” data by giving more control over its use to individuals.

Blockchain

Blockchain GDPR Privacy Personal data

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

In this episode, Frank Duff, Director of ATT&CK Evaluations for MITRE Engenuity, talks about how both red and blue teams can directly benefit from ATT&CK, and how organizations -- and even some security vendors -- are now evaluating their solutions against it. government agencies. government agencies. Yeah, great but what does it do?

Government

Government IT Access Analytics

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

In this episode, Frank Duff, Director of ATT&CK Evaluations for MITRE Engenuity, talks about how both red and blue teams can directly benefit from ATT&CK, and how organizations -- and even some security vendors -- are now evaluating their solutions against it. government agencies. government agencies. Yeah, great but what does it do?

Government

Government IT Access Analytics

Election Results: Key Developments for Federal Privacy and Data Security Legislation

Hunton Privacy

NOVEMBER 12, 2012

federal privacy, data security and breach notice legislation? House of Representatives have jurisdictional claims to privacy, data security and breach notice legislation: Energy & Commerce, Financial Services and Judiciary. Reporting from Washington, D.C., We outline some key developments in the U.S.

Privacy

Privacy Security Financial Services Manufacturing

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Webinars

Trending Sources

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Webinars

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Why you should keep data observability separate from data cleansing

Rock the Blockchain: Thales and DigiCert Secure the Data

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Deploying applications built in external CI through IBM Cloud DevSecOps

Living in a data sovereign world

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

New York hospitals have new cybersecurity requirements

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

“Am I a CII operator?” – New regulation in China provides more clarity

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

The Privacy Officers’ New Year’s Resolutions

Security in the finance sector: Whose role is it anyway?

The Economy of Things: the next value lever for telcos

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

CISA issues proposed rules for cyber incident reporting in critical infrastructure

SEC Requests Comment on Regulation of Information Providers Under the U.S. Investment Advisers Act

The Privacy Officers’ New Year’s Resolutions

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

Cybersecurity: Managing Risks With Third Party Companies

NYDFS proposes significant cybersecurity regulation amendments

Mexico Issues Cookie and Web Beacon Rules and Privacy Notice Requirements

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

The Hacker Mind Podcast: Going Passwordless

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

The Hacker Mind: MITRE ATT&CK Evaluations

The Hacker Mind: MITRE ATT&CK Evaluations

Election Results: Key Developments for Federal Privacy and Data Security Legislation

Stay Connected