IT Governance encourages New York financial institutions to start preparing for cybersecurity regulations
WYOMING, UNITED STATES, January 24, 2017 /EINPresswire.com/ -- IT Governance, the leading provider of cybersecurity and ISO 27001 expertise, is urging New York-based financial institutions to start preparing for cybersecurity regulations.
The statement follows New York State’s Department of Financial Services recent release on the updated cybersecurity proposal, which is due to come into effect on March 1, 2017. The proposed regulation requires all New York financial institutions to implement appropriate security measures to protect themselves from cyber attacks.
The new legislation will require covered entities to submit an annual written certification to the superintendent of financial services in order to demonstrate compliance.
Alan Calder, the founder and executive chairman of IT Governance, said: “Financial services and insurance entities should prepare now. The new law presents challenges for most organizations, and will require a complete assessment of both operational and technical systems.”
Moreover, the legislation will require organizations to maintain a cybersecurity program, implement risk assessment controls and an incident response plan, identify vulnerabilities in networks and platforms, encrypt non-public information, conduct penetration testing, and provide regulation cybersecurity awareness training.
Businesses will also be required to hold records, timetables, and information that support the certificate and must be kept for five years for inspection by the department.
The Regulation, which is open for comments until the end of January, exempts organizations with fewer than 10 employees, and that have had less than $5 million in revenue over the last three years. The proposed legislation also exempts organizations with assets that do not exceed $10 million.
IT Governance urges financial organizations to take action and begin preparations now, as implementation will be particularly challenging due to the many compliance deadlines, which range between six months and two years.
“As information security practitioners, we encourage organizations to implement an ISO 27001-compliant ISMS (information security management system) as a best-practice path to achieving compliance with the Regulation. Organizations certified to ISO 27001 can demonstrate the three pillars of information security – people, processes, and technology – are addressed and that the organization has implemented a management system to achieve cyber resilience and maintain a strong information security posture,” Alan Calder continued.
For more information on how IT Governance can help your organization achieve compliance with the New York legislation or certification to ISO 27001, please visit our website, email servicecenter@itgovernanceusa.com, or call 1-877-317-3454.
- Ends -
NOTES TO EDITORS
IT Governance Ltd is the single-source provider of books, tools, training, and consultancy for IT governance, risk management, and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is ‘non-geek’, approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East, and Asia. More information is available at www.itgovernanceusa.com.
The statement follows New York State’s Department of Financial Services recent release on the updated cybersecurity proposal, which is due to come into effect on March 1, 2017. The proposed regulation requires all New York financial institutions to implement appropriate security measures to protect themselves from cyber attacks.
The new legislation will require covered entities to submit an annual written certification to the superintendent of financial services in order to demonstrate compliance.
Alan Calder, the founder and executive chairman of IT Governance, said: “Financial services and insurance entities should prepare now. The new law presents challenges for most organizations, and will require a complete assessment of both operational and technical systems.”
Moreover, the legislation will require organizations to maintain a cybersecurity program, implement risk assessment controls and an incident response plan, identify vulnerabilities in networks and platforms, encrypt non-public information, conduct penetration testing, and provide regulation cybersecurity awareness training.
Businesses will also be required to hold records, timetables, and information that support the certificate and must be kept for five years for inspection by the department.
The Regulation, which is open for comments until the end of January, exempts organizations with fewer than 10 employees, and that have had less than $5 million in revenue over the last three years. The proposed legislation also exempts organizations with assets that do not exceed $10 million.
IT Governance urges financial organizations to take action and begin preparations now, as implementation will be particularly challenging due to the many compliance deadlines, which range between six months and two years.
“As information security practitioners, we encourage organizations to implement an ISO 27001-compliant ISMS (information security management system) as a best-practice path to achieving compliance with the Regulation. Organizations certified to ISO 27001 can demonstrate the three pillars of information security – people, processes, and technology – are addressed and that the organization has implemented a management system to achieve cyber resilience and maintain a strong information security posture,” Alan Calder continued.
For more information on how IT Governance can help your organization achieve compliance with the New York legislation or certification to ISO 27001, please visit our website, email servicecenter@itgovernanceusa.com, or call 1-877-317-3454.
- Ends -
NOTES TO EDITORS
IT Governance Ltd is the single-source provider of books, tools, training, and consultancy for IT governance, risk management, and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is ‘non-geek’, approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East, and Asia. More information is available at www.itgovernanceusa.com.
Mihaela Jucan
IT Governance Ltd
00448450701750
email us here