Exercises, Financial Services and Security - Information Management Today

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Ransomware Artificial Intelligence

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. The new rules provide more details on how the senior governing body of the covered entity is expected to exercise oversight of its cybersecurity risk management.

Financial Services

Financial Services Cybersecurity Compliance Government

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. Create, Maintain, and Exercise a Cyber Incident Response, Resilience, and Continuity of Operations Plan.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Covered Entities must have a monitoring process that ensures prompt notification of any new security vulnerabilities. Cybersecurity Governance.

Financial Services

Financial Services Cybersecurity Ransomware Risk

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

AIIM

JANUARY 10, 2019

While a blockchain provides a trusted framework for the integrity and auditability of transactions it stands in stark contrast to the ambition of the GDPR Regulation, the foundation of which is to enable data subjects to exercise greater degree of control over the processing of personally identifiable information.

Blockchain

Blockchain GDPR Privacy Personal data

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”). As part of the “training and monitoring” requirements under Section 500.14 Additional Requirements.

Financial Services

Financial Services Cybersecurity Risk Passwords

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Data Protector

JANUARY 29, 2017

And also, what standard of evidence is necessary to be generated, just in case privacy regulators exercise their Article 30(4) right to request it. Does it really mean that in 481 days, European privacy regulators will be heralding the first megafine for non-compliance with one of the GDPR’s more obscure requirements? I think not.

GDPR

GDPR Privacy Compliance Personal data

Deploying applications built in external CI through IBM Cloud DevSecOps

IBM Big Data Hub

OCTOBER 10, 2023

These attacks are even more detrimental in critical systems, which include IT infrastructure and financial services organizations. IBM Cloud for Financial Services This is where IBM Cloud for Financial Services shines—it helps clients to fill that gap by supporting innovation while guaranteeing security and compliance.

Cloud

Cloud Financial Services Compliance Risk

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Rock the Blockchain: Thales and DigiCert Secure the Data

Thales Cloud Protection & Licensing

SEPTEMBER 15, 2021

Rock the Blockchain: Thales and DigiCert Secure the Data. It’s a staggering statistic, but 39% of companies are still not using robust data security measures. With risks so high, what is the hold up on implementing security? Are Distributed Ledger Technologies the Answer to Securing Data? Thu, 09/16/2021 - 05:31.

Blockchain

Blockchain Security Authentication Compliance

What Every CIO Needs to Know About DORA: An IT Operations Perspective

OpenText Information Management

JANUARY 24, 2025

This EU regulation, which came into force on January 16, 2023, and will apply as of January 17, 2025, aims to fortify the IT security of financial entities and ensure the European financial sector can withstand major operational disruptions.

IT

IT Compliance Risk Cloud

New York hospitals have new cybersecurity requirements

Data Protection Report

OCTOBER 23, 2024

The regulation includes elements of both the Health Insurance Portability and Accountability Act (HIPAA) and the New York Department of Financial Services (NYDFS) cybersecurity regulation. Therefore, covered hospitals may need to revise their risk analysis and management process to comply with the new regulation.

Cybersecurity

Cybersecurity Risk Access Financial Services

Why you should keep data observability separate from data cleansing

Collibra

MAY 16, 2022

However, we caution that while a robust data quality platform should correct flaws, platform leaders should exercise caution in requesting single products/projects to combine both observability and correction. For financial services, data governance found its roots in risk. Cyber Security.

Government

Government Risk Financial Services Access

Election Results: Key Developments for Federal Privacy and Data Security Legislation

Hunton Privacy

NOVEMBER 12, 2012

federal privacy, data security and breach notice legislation? House of Representatives have jurisdictional claims to privacy, data security and breach notice legislation: Energy & Commerce, Financial Services and Judiciary. Reporting from Washington, D.C., What are the consequences of the 2012 election on U.S.

Privacy

Privacy Security Financial Services Manufacturing

Security in the finance sector: Whose role is it anyway?

CGI

OCTOBER 25, 2015

Security in the finance sector: Whose role is it anyway? Thomson Reuters was recently quoted as saying, “Increased regulation isn’t just a temporary challenge for global financial institutions—it’s the new reality.”. Finance service providers. Mon, 10/26/2015 - 01:33.

Security

Security IT Digital transformation Compliance

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. He also raised serious doubts over the validity of the Privacy Shield. In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

SEC Requests Comment on Regulation of Information Providers Under the U.S. Investment Advisers Act

Data Matters

JUNE 24, 2022

Securities and Exchange Commission (Commission) issued a request for comment with respect to whether certain index, model, pricing, and other information providers should be regulated as investment advisers under the Investment Advisers Act of 1940. 17, 1995); Media General Financial Services, Inc. ,

Marketing

Marketing Financial Services Security Analytics

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

DLA Piper Privacy Matters

MARCH 4, 2021

Security vulnerabilities including hacking, unauthorised access, malware, phishing and ransomware attacks totalled 462 breach notifications. The DPC recommends that organisations: undertake periodic reviews of their IT security measures; implement a comprehensive training plan for employees; and. Financial Services Sector Focus.

GDPR

GDPR Compliance Data breaches Marketing

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

HL Chronicle of Data Protection

MARCH 16, 2020

On Tuesday, 3 March 2020, we welcomed our financial services clients in London to a lively panel event, which covered the multitude of issues which arise in a cybersecurity incident. The incident response plan should be tested in tabletop exercises involving the individuals and teams who would be involved in a real-world incident.

Cybersecurity

Cybersecurity Financial Services Risk Insurance

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Data Protection Report

DECEMBER 17, 2020

The Data Strategy proposed the establishment of nine common European data spaces for data sharing and pooling, including health, mobility, manufacturing, financial services, energy, and agriculture. The EC’s Data Strategy sets out a vision of common European data spaces, a Single Market for data.

Government

Government Personal data Marketing Artificial Intelligence

“Am I a CII operator?” – New regulation in China provides more clarity

Data Protection Report

AUGUST 18, 2021

China’s Cyber Security Law ( CSL ), enacted in 2016, requires operators of critical information infrastructure ( CII ) to follow a number of enhanced security obligations, including storing within China all personal information and important data collected or generated during their operations in China. Scope and identification of CII.

Financial Services

Financial Services Data collection Security Communications

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Data Protection Report

APRIL 9, 2024

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) published a Notice of Proposed Rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which imposes new reporting requirements for entities operating in critical infrastructure sectors.

Ransomware

Ransomware Agriculture Cybersecurity Government

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. He also raised serious doubts over the validity of the Privacy Shield. In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

Mexico Issues Cookie and Web Beacon Rules and Privacy Notice Requirements

Hunton Privacy

FEBRUARY 12, 2013

Where applicable, the Full Notice should contain information about the use of public do-not-contact registries, such as (1) the Public Register of Consumers established pursuant to the Federal Consumer Protection Law and (2) the Public Register of Users established pursuant to the Law for the Protection and Defense of Users of Financial Services.

Privacy

Privacy Personal data Data collection Financial Services

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

AUGUST 11, 2022

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500.

Cybersecurity

Cybersecurity Risk Passwords Compliance

Living in a data sovereign world

IBM Big Data Hub

OCTOBER 16, 2023

Digital sovereignty revolves around a value-driven, ordered, regulated and secure digital destination for all data, hardware and software, infrastructure components and application operations. Data sovereignty addresses legal, privacy, security and governance concerns associated with the storage, processing and transfer of data.

Cloud

Cloud Compliance Data Privacy Privacy

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

Of particular concern to state-level policymakers and enforcement authorities are business practices that in their view may contribute to security incidents. The insurance industry has not been immune from such scrutiny, and the imposition of business practice requirements intended to enhance cybersecurity sector-wide.

Insurance

Insurance Cybersecurity Data breaches Financial Services

Cybersecurity: Managing Risks With Third Party Companies

Cyber Info Veritas

JULY 19, 2018

This is according to a recent survey conducted by Soha Systems, and according to one of the speeches delivered by the Superintendent of the New York State Department of Financial Services, Mr. Benjamin Lawsky, “ A company’s cybersecurity is only as strong as the cybersecurity of its third-party vendors ”.

Risk

Risk Cybersecurity Compliance Data breaches

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

Companies in the financial services, technology, airline and hotel industries are among those that could face substantial compliance obligations. We provide a brief overview of BDPA’s principles relating to the processing of personal data, requirements with respect to data subject rights, international transfers, and compliance.

Personal data

Personal data GDPR Data Privacy Privacy

The Economy of Things: the next value lever for telcos

IBM Big Data Hub

JULY 11, 2023

For example, a fleet truck outfitted with an EoT-secure identity and wallet is able to pay for its own fuel at a similarly EoT-enabled fuel pump without the driver having to open an app or provide a credit card. Telcos can also play the role of data providers as well as data marketplace and brokerage operators within the ecosystem.

IoT

IoT Artificial Intelligence Agriculture Blockchain

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

In this episode, Frank Duff, Director of ATT&CK Evaluations for MITRE Engenuity, talks about how both red and blue teams can directly benefit from ATT&CK, and how organizations -- and even some security vendors -- are now evaluating their solutions against it. government agencies. government agencies. Yeah, great but what does it do?

Government

Government IT Access Analytics

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

In this episode, Frank Duff, Director of ATT&CK Evaluations for MITRE Engenuity, talks about how both red and blue teams can directly benefit from ATT&CK, and how organizations -- and even some security vendors -- are now evaluating their solutions against it. government agencies. government agencies. Yeah, great but what does it do?

Government

Government IT Access Analytics

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

Data Protection Report

NOVEMBER 3, 2017

This prevents authorized users from being able to use or access the services being provided via the attacked servers. As with any potential security incident, effective planning can help reduce or eliminate some of the potential business harms and legal consequences of a DDoS attack before an attack occurs. Before an Attack.

IoT

IoT Communications Risk Passwords

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

Is there something more secure? Simon Moffatt from CyberHut joins The Hacker Mind to discuss how identity and access management (IAM) is fundamental to everything we do online today, and why even multi-factor access, while an improvement, needs to yield to more effortless and more secure passwordless technology that’s coming soon.

Passwords

Passwords Authentication Access Data breaches

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

ForAllSecure

APRIL 19, 2023

CODEN: Basically, the fundamental issue is look at that early Unix and Linux operating systems that were providing these very basic services that are still the the only things we really need from the operating system today. All kinds of security protections, different things. I was the head of the cybersecurity practice.

Analytics

Analytics Communications Computer and Electronics IT

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

Data Matters

MAY 17, 2022

Two months later, on July 19, 2021, the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and FBI assessed that People’s Republic of China state-sponsored malicious cyber activity is a major threat to U.S. and Allied cyberspace assets. supply chain attacks). More recently, on Feb.

Cybersecurity

Cybersecurity Government Authentication Ransomware

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Webinars

Trending Sources

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Webinars

NYDFS Amends Cybersecurity Rules for Financial Services Companies

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Deploying applications built in external CI through IBM Cloud DevSecOps

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Rock the Blockchain: Thales and DigiCert Secure the Data

What Every CIO Needs to Know About DORA: An IT Operations Perspective

New York hospitals have new cybersecurity requirements

Why you should keep data observability separate from data cleansing

Election Results: Key Developments for Federal Privacy and Data Security Legislation

Security in the finance sector: Whose role is it anyway?

The Privacy Officers’ New Year’s Resolutions

SEC Requests Comment on Regulation of Information Providers Under the U.S. Investment Advisers Act

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

“Am I a CII operator?” – New regulation in China provides more clarity

CISA issues proposed rules for cyber incident reporting in critical infrastructure

The Privacy Officers’ New Year’s Resolutions

Mexico Issues Cookie and Web Beacon Rules and Privacy Notice Requirements

NYDFS proposes significant cybersecurity regulation amendments

Living in a data sovereign world

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

Cybersecurity: Managing Risks With Third Party Companies

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

The Economy of Things: the next value lever for telcos

The Hacker Mind: MITRE ATT&CK Evaluations

The Hacker Mind: MITRE ATT&CK Evaluations

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

The Hacker Mind Podcast: Going Passwordless

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

Stay Connected