Exercises, Financial Services and Government - Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. The Amendment also includes new governance requirements and responsibilities applicable to the CISO of all covered entities.

Financial Services

Financial Services Cybersecurity Compliance Government

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. government, especially in light of ongoing tensions between the U.S. Create, Maintain, and Exercise a Cyber Incident Response, Resilience, and Continuity of Operations Plan.

Cybersecurity

Cybersecurity Financial Services Authentication Government

UK Government sets out proposals to shake up UK data protection laws

Data Protection Report

SEPTEMBER 28, 2021

On 10 September 2021, the UK Government published its consultation paper on proposals to reform the UK’s data protection regime. On legitimate interests, the Government proposes disapplying the legitimate interest balancing test for certain activities. The deadline for responding to the consultation is 19 November 2021.

Government

Government FOIA GDPR Compliance

Webinars

How to Achieve High-Accuracy Results When Using LLMs

Maximizing Profit and Productivity: The New Era of AI-Powered Accounting

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Cybersecurity Governance. The proposed amendments revise several aspects of the draft Cybersecurity Rule amendments released on July 29, 2022.

Financial Services

Financial Services Cybersecurity Ransomware Risk

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Data Protection Report

DECEMBER 17, 2020

On 25 November 2020, the European Commission ( EC ) published its proposed Data Governance Regulation (the DGR ), which will create a new legal framework to encourage the development of a European single market for data. What are the objectives of the Data Governance Regulation? This is part one of a series of three blog posts.

Government

Government Personal data Marketing Agriculture

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”). The risk assessments required by Section 500.9

Financial Services

Financial Services Cybersecurity Risk Passwords

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. As described below, senior governing bodies would have new oversight responsibilities under the amendments.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Why you should keep data observability separate from data cleansing

Collibra

MAY 16, 2022

However, we caution that while a robust data quality platform should correct flaws, platform leaders should exercise caution in requesting single products/projects to combine both observability and correction. For financial services, data governance found its roots in risk. Audit & Professional Services.

Government

Government Risk Financial Services Access

What Every CIO Needs to Know About DORA: An IT Operations Perspective

OpenText Information Management

JANUARY 24, 2025

This regulation covers a wide range of aspects related to digital operational resilience, including: ICT risk management: DORA mandates a comprehensive ICT risk management framework encompassing strategies, policies, procedures, and governance structures to ensure continuous risk monitoring and mitigation.

IT

IT Compliance Risk Cloud

New York hospitals have new cybersecurity requirements

Data Protection Report

OCTOBER 23, 2024

The regulation includes elements of both the Health Insurance Portability and Accountability Act (HIPAA) and the New York Department of Financial Services (NYDFS) cybersecurity regulation. The regulation also requires that the hospital’s cybersecurity policies address data governance and classification.

Cybersecurity

Cybersecurity Risk Access Financial Services

Business Architecture and Process Modeling for Digital Transformation

erwin

JULY 11, 2019

For instance, millennials are adept at using digital channels, and they are the fastest-growing customer base for financial services companies. With it, any transformation initiative becomes a simple, streamlined exercise to support distributed information capture and management, object-oriented modeling, simulation and collaboration.

Digital transformation

Digital transformation Information capture Compliance Financial Services

Process Excellence: A transformational lever to extreme automation

IBM Big Data Hub

APRIL 20, 2023

Along with defining and operationalizing the right level of governance across organizational layers for efficient value orchestration and continuous improvement. A Process Mining exercise drawing data from enterprise SAP has helped measure KPI performance and define the transformation roadmap.

Mining

Mining Financial Services Digital transformation Retail

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

The purpose of this article is to remove the fear and intimidation of domestic and global data protection laws and show how these laws and requirements are consistent with the existing objectives of your records retention schedule and information governance policy. Definition and Purpose of a Records Retention Schedule.

Personal data

Personal data GDPR Privacy Records Management

Rock the Blockchain: Thales and DigiCert Secure the Data

Thales Cloud Protection & Licensing

SEPTEMBER 15, 2021

And yet, security is not a nice-to-have feature or an afterthought - it’s a critical business necessity, and ensuring that an appropriate governance structure is in place is crucial. It’s not hard to understand why companies are exercising diligence when selecting a data protection solution.

Blockchain

Blockchain Security Authentication Compliance

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs data access requests. In the U.S., Be one step ahead.

Privacy

Privacy GDPR Data breaches Risk

Takeaways From CCPA Public Forums

Data Matters

FEBRUARY 12, 2019

Establishing rules and procedures governing requests from consumers to opt-out of the sale of personal information, including through the development and use of a recognizable and uniform opt-out logo or button by all businesses to promote consumer awareness of the opportunity to opt-out. Rules for Opt-Out of Sale.

Sales

Sales Privacy Data Privacy Compliance

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Data Protection Report

APRIL 9, 2024

For example, government contractors or subcontractors with reporting obligations to the DOD or DOE for cyber incidents, or financial services entities that are already required to report cyber incidents to their primary federal regulator would be considered “covered entities” under the CIRCIA.

Ransomware

Ransomware Agriculture Cybersecurity Government

Living in a data sovereign world

IBM Big Data Hub

OCTOBER 16, 2023

Data sovereignty addresses legal, privacy, security and governance concerns associated with the storage, processing and transfer of data. The focus is on the ability to exercise control, make decisions and enforce legal and regulatory obligations related to the data, regardless of its physical location.

Cloud

Cloud Compliance Data Privacy Privacy

#ModernDataMasters: Mike Evans, Chief Technology Officer

Reltio

MARCH 19, 2019

It will be possible to put more emphasis on the people, process and data governance which really make MDM live and breathe.”. We teach that problem solving is at the core of MDM, and how important data governance principles are regardless of the configuration of the underpinning technology.”. Prioritise people, process and governance.

MDM

MDM Retail IT Government

“Am I a CII operator?” – New regulation in China provides more clarity

Data Protection Report

AUGUST 18, 2021

In addition, some companies have received an official notice that it is a CII, but we expect more to come so companies operating in sensitive or highly regulated sectors like energy, financial services, and telecoms should be aware that the issuance of a notice still remains a possibility.

Financial Services

Financial Services Data collection Security Communications

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

AUGUST 11, 2022

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500. Governance. The Proposed Regulation Changes.

Cybersecurity

Cybersecurity Risk Passwords Compliance

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs data access requests. In the U.S., Be one step ahead.

Privacy

Privacy GDPR Data breaches Risk

The Economy of Things: the next value lever for telcos

IBM Big Data Hub

JULY 11, 2023

Vertical data platforms owned and operated by telcos and targeting a specific industry such as automotive, agriculture or financial services already exist today. It may also decide to publish data services in the form of APIs to facilitate third party developer solutions leveraging the EoT data.

IoT

IoT Agriculture Artificial Intelligence Blockchain

#ModernDataMasters: Henrik Liliendahl, Chairman & CTO, Product Data Lake

Reltio

JUNE 20, 2019

But that was my route into data management and going from there into MDM PIM and data governance. I like to walk and bicycle – it is good exercise but you can also think while you do these things. To find that out we applied some matching techniques.”. I developed that product and later merged it into a larger company.

MDM

MDM Manufacturing Computer and Electronics Digital transformation

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

Data Protection Report

NOVEMBER 3, 2017

Organizations should consider retaining third parties like Akamai or Cloudflare to provide DDoS mitigation services designed to combat these attacks by absorbing or deflecting DDoS traffic. DDoS Mitigation. Further Investigation. As mentioned previously, DDoS attacks could result in litigation or regulatory scrutiny for a variety of reasons.

IoT

IoT Communications Risk Passwords

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

And I think it is an exercise, pretty fun to look at those credentials. You know, I think many organizations certainly if you look at the consumer facing landscape where you are, you're pulling in identity information from consumers, citizens, customers, you're selling stuff for your government department doing things online.

Passwords

Passwords Authentication Access Data breaches

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

ForAllSecure

APRIL 19, 2023

So system matching learns what to what's an anomaly in addition to all the hundreds of rules that are typically written into a sim and the built in data governance, or GDPR, the CCPA California Consumer Protection Act, and then the fact that the programming is is easier. VAMOSI: Michael mentioned financial services.

Analytics

Analytics Communications Computer and Electronics IT

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

AIIM

JANUARY 10, 2019

While a blockchain provides a trusted framework for the integrity and auditability of transactions it stands in stark contrast to the ambition of the GDPR Regulation, the foundation of which is to enable data subjects to exercise greater degree of control over the processing of personally identifiable information.

Blockchain

Blockchain GDPR Privacy Personal data

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

government agencies. Duff: What MITRE does is provide usually high level understanding to our government customers on problems that they face, and that can range anything from work we do with the FAA to work we do with the NCC OE so the National Cybersecurity Center of Excellence, which is operated by NIST, a variety of programs in between.

Government

Government IT Access Analytics

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

government agencies. Duff: What MITRE does is provide usually high level understanding to our government customers on problems that they face, and that can range anything from work we do with the FAA to work we do with the NCC OE so the National Cybersecurity Center of Excellence, which is operated by NIST, a variety of programs in between.

Government

Government IT Access Analytics

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

Data Matters

MAY 17, 2022

Attorney General described a recent takedown of a Russian government-sponsored botnet called Cyclops Blink before it was weaponized and caused damage. and foreign government agencies. government reported a significant rise in hacks perpetrated against private companies by nation-state-sponsored threat actors.

Cybersecurity

Cybersecurity Government Authentication Ransomware

The EDPB Opinion on training AI models using personal data and recent Garante fine – lawful deployment of LLMs

Data Protection Report

JANUARY 2, 2025

At the time, the Garante was satisfied that OpenAI had commenced the implementation of the measures required in an order of 11 April 2023 , including making improvements to its privacy notice, identifying a lawful basis for its processing, and providing a tool for data subjects to exercise their right to object.

Personal data

Personal data GDPR Privacy Communications

Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Webinars

Trending Sources

UK Government sets out proposals to shake up UK data protection laws

Webinars

NYDFS Amends Cybersecurity Rules for Financial Services Companies

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Why you should keep data observability separate from data cleansing

What Every CIO Needs to Know About DORA: An IT Operations Perspective

New York hospitals have new cybersecurity requirements

Business Architecture and Process Modeling for Digital Transformation

Process Excellence: A transformational lever to extreme automation

The Impact of Data Protection Laws on Your Records Retention Schedule

Rock the Blockchain: Thales and DigiCert Secure the Data

The Privacy Officers’ New Year’s Resolutions

Takeaways From CCPA Public Forums

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Living in a data sovereign world

#ModernDataMasters: Mike Evans, Chief Technology Officer

“Am I a CII operator?” – New regulation in China provides more clarity

NYDFS proposes significant cybersecurity regulation amendments

The Privacy Officers’ New Year’s Resolutions

The Economy of Things: the next value lever for telcos

#ModernDataMasters: Henrik Liliendahl, Chairman & CTO, Product Data Lake

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

The Hacker Mind Podcast: Going Passwordless

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

The Hacker Mind: MITRE ATT&CK Evaluations

The Hacker Mind: MITRE ATT&CK Evaluations

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

The EDPB Opinion on training AI models using personal data and recent Garante fine – lawful deployment of LLMs

Stay Connected