Document, Financial Services, Government and Information Security

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. The Amendment also includes new governance requirements and responsibilities applicable to the CISO of all covered entities.

Financial Services

Financial Services Cybersecurity Compliance Government

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. First American Financial Corp.

Insurance

Insurance Risk Financial Services Mining

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Security Affairs

MAY 24, 2023

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and one individual for their role in malicious cyber operations conducted to support the government of North Korea. ” reads the announcement. correspondent or payable-through account sanctions.”

Government

Government Military Financial Services IT

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. Third-party governance. IT governance and security. Privacy governance and management. Document control. Audit management.

Compliance

Compliance Risk Government Retail

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information. This resolution highlights the SEC’s continued focus on cybersecurity.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

But those aren’t the only laws or regulations that affect IT security teams. There are plenty of others to worry anyone with job titles that include terms like “compliance,” “privacy,” and “security,” from CSOs on down. See the Top Governance, Risk and Compliance (GRC) Tools. PIPL Raises the Bar – And the Stakes.

Data Privacy

Data Privacy Compliance Privacy Security

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

Identity governance and administration, or IGA , has suddenly become a front-burner matter at many enterprises. Related: Identity governance issues in the age of digital transformation. I had the chance at RSA 2019 to visit with Mike Kiser, global strategist at SailPoint , an Austin, TX-based supplier of IGA services to discuss this.

Digital transformation

Digital transformation Insurance Compliance Healthcare

OCR Labs exposes its systems, jeopardizing major banking clients

Security Affairs

APRIL 6, 2023

A digital identification tool provided by OCR Labs to major banks and government agencies leaked sensitive credentials, putting clients at severe risk. Its services are used by companies and financial institutions including BMW, Vodafone, the Australian government, Westpac, ANZ, HSBC, and Virgin Money.

IT

IT Financial Services Access Risk

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

Perhaps even more concerning to EU lawmakers is how dependent society at large is on banking and other financial services. In turn, financial institutions heavily depend on ICT to be able to provide those services to begin with. That really shouldn’t surprise us – these are lucrative targets for cyber criminals.

Risk

Risk Data breaches Authentication Financial Services

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

APRIL 8, 2020

The research firm revealed that many of the government IDs exposed in the data breach have since expired. “Many of the ID documents we have on file have expired, but if you believe you provided to HMR IDs that are still valid, report these documents as being compromised to the organisation that issued them.”

Ransomware

Ransomware Data breaches Encryption Financial Services

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

ICICI Bank leaked millions of records with sensitive data, including financial information and personal documents of the bank’s clients. In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security.

Personal data

Personal data Phishing Risk Financial Services

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

the Federal Trade Commission has long recommended that companies properly and promptly dispose of personal information once it is no longer necessary to retain it for legal or business reasons. How do you build an effective information governance program? In the U.S., Data is not just a risk.

Privacy

Privacy Compliance Personal data Risk

How ATB Financial drives agile data ops with Collibra and GCP

Collibra

MARCH 23, 2021

ATB Financial provides a diversified set of financial services to more than 770,000 residents of Alberta, Canada. Being a regionally focused institution, the group is dedicated to knowing its customers intimately, understanding their needs and providing products and services that help them achieve their goals.

Cloud

Cloud Government Access Metadata

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. Third-party governance. IT governance and security. Privacy governance and management. Document control. Audit management.

Compliance

Compliance Risk Government Retail

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

The FCA is proposing amendments to: the UK onshored versions of EU technical standards on strong customer authentication (SCA) and common and secure methods of communication (UK SCA-RTS); its Approach Document on Payment Services and Electronic Money (Approach Document); and. its Perimeter Guidance Manual (PERG).

Authentication

Authentication Paper Risk Insurance

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

the Federal Trade Commission has long recommended that companies properly and promptly dispose of personal information once it is no longer necessary to retain it for legal or business reasons. How do you build an effective information governance program? In the U.S., Data is not just a risk.

Privacy

Privacy Compliance Personal data Risk

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

FEBRUARY 6, 2015

Conducted by the SEC Office of Compliance Inspections and Examinations (“OCIE”) from 2013 through April 2014, the examinations inspected the cybersecurity practices of 57 registered broker-dealers and 49 registered investment advisers through interviews and document reviews.

Cybersecurity

Cybersecurity Insurance Financial Services Risk

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

In such case, the determination to not notify must be documented in writing and maintained for at least five years. Moreover, unlike the contemplated New York Privacy Act, the SHIELD Act does not provide a private right of action.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

It must also address the goals of the plan, internal processes for responding to a security event, and documentation and reporting regarding security events and related incident response activities. Finally, the plan must require evaluation and revisions to it as necessary following a security event. Board reporting.

Privacy

Privacy Risk Cybersecurity Information Security

Observations on the Cybersecurity Executive Order and Presidential Policy Directive

Hunton Privacy

FEBRUARY 19, 2013

by passing legislation to give our government a greater capacity to secure our networks and deter attacks.” Finally, the alphabet soup of agencies in the Executive Order and PPD again raise the troubling question of who is in charge when it comes to cybersecurity in the federal government.

Cybersecurity

Cybersecurity Agriculture Risk Government

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Security Affairs

SEPTEMBER 1, 2023

When printing a document, a person may use their computer, the client, to send a request to a colleague’s computer, the server, with a request to print the document. The SMB Protocol is a standard, system that creates a connection between client and server by sending responses and requests.

Phishing

Phishing Ransomware Search queries Access

ARMA and AIEF Issue Special Edition Publication: Blockchain, AI, Accounting Records, and other IG topics covered

IG Guru

DECEMBER 11, 2019

Nice to see the AIEF and ARMA working together to publish this special edition. The post ARMA and AIEF Issue Special Edition Publication: Blockchain, AI, Accounting Records, and other IG topics covered appeared first on IG GURU.

Blockchain

Blockchain Financial Services Records Management Archiving

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

Data Matters

AUGUST 17, 2021

The Guidance is not intended to serve as a comprehensive framework but rather provides financial institutions with examples of effective risk management practices without endorsing any specific information security framework or standard. The 2005 guidance replaced a 2001 version of the same document.

Authentication

Authentication Access Risk Financial Services

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Increasingly, thought leaders, professional organizations, and government agencies are beginning to provide answers. Information security is not yet a science; outside of the handful of issues falling under the field of cryptography, there is no formalized system of classification. Aligning cyber risk with corporate strategy.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365

Security Affairs

NOVEMBER 17, 2019

Chinese white hat hackers have a long story of success, they won several international hacking contests in the past, but in 2018 the Chinese government prohibited Chinese experts in participating this kind of competition abroad. Since the decision of the Chinese Government, the TianfuCup was set up for the first time in the fall of 2018.

Financial Services

Financial Services Government Security Cybersecurity

OCR and Health Care Industry Cybersecurity Task Force Publish Cybersecurity Materials

Hunton Privacy

JUNE 12, 2017

The checklist is accompanied by an infographic that lists these steps and notes that an organization must retain all documentation related to the risk assessment following a cyber attack, including any determination that a breach of PHI has not occurred. improving information sharing of industry threats, risks and mitigations.

Cybersecurity

Cybersecurity Computer and Electronics Education Financial Services

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 19, 2023

Israeli man sentenced to 80 months in prison for providing hacker-for-hire services Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine The board of directors of OpenAI fired Sam Altman Medusa ransomware gang claims the hack of Toyota Financial Services CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog (..)

Security

Security Data breaches Ransomware Financial Services

President Trump Signs Financial Services Regulatory Reform Legislation

Data Matters

JUNE 5, 2018

Section 213 of the Act authorizes insured depository institutions and insured credit unions (and their respective affiliates) to accept, in connection with an individual consumer’s request to open an account or obtain a service, a scanned driver’s license or identification card issued by a state or local government.

Financial Services

Financial Services Insurance Privacy Authentication

Episode 222: US Rep. Himes on Congress’s About-face on Cybersecurity

The Security Ledger

AUGUST 12, 2021

It is also no secret that sophisticated nation-state adversaries have made a habit of poking around inside sensitive government and corporate networks. . Between 1998 and today there have been countless hearings on cyber risks and countless reports documenting the federal government’s ineptitude on matters of information security.

Cybersecurity

Cybersecurity Financial Services Risk Government

Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 10, 2023

Will Enable Mass Spying Reddit Says Leaked U.S.-U.K. billion personal records compromised by data breaches in past two years — underscoring need for end‑to‑end encryption Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Security

Security Ransomware Data breaches Phishing

Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Trending Sources

First American Financial Pays Farcical $500K Fine

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

Top 10 Governance, Risk and Compliance (GRC) Vendors

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Security Compliance & Data Privacy Regulations

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

OCR Labs exposes its systems, jeopardizing major banking clients

Risk Management under the DORA Regulation

Maze ransomware gang discloses data from drug testing firm HMR

Multinational ICICI Bank leaks passports and credit card numbers

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

How ATB Financial drives agile data ops with Collibra and GCP

Top GRC Tools & Software for 2021

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

New York Enacts Stricter Data Cybersecurity Laws

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

Observations on the Cybersecurity Executive Order and Presidential Policy Directive

UNRAVELING EternalBlue: inside the WannaCry’s enabler

ARMA and AIEF Issue Special Edition Publication: Blockchain, AI, Accounting Records, and other IG topics covered

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365

OCR and Health Care Industry Cybersecurity Task Force Publish Cybersecurity Materials

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

President Trump Signs Financial Services Regulatory Reform Legislation

Episode 222: US Rep. Himes on Congress’s About-face on Cybersecurity

Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected