Feb 13, 2019 | Audit, Compliance, HIPAA, Information Security, ISO27001, New York Cyber 23 NYCRR 500, NIST 800-53, Risk Management
By: Kristof Holm
We’ve written several blogs on risk assessments and controls assessments. However, these two terms are often co-mingled, used interchangeably, or used incorrectly. Unfortunately, it’s very easy to do this, and often, if we aren’t careful, even professionals...
Jan 16, 2019 | Audit, HIPAA, IRS1075, ISO27001, MARS-E, New York Cyber 23 NYCRR 500, NIST 800-53
By: Justin Fimlaid
The beginning of the year is a great time to review your security posture. You have many options available to you as to how you conduct a security review. The most common ways that we see companies approach a review of their security program generally...
Oct 16, 2018 | Compliance, Information Security, New York Cyber 23 NYCRR 500, Risk Management, Vendor Assessments
By Paul Dusini, Information Assurance Manager
In a recent blog, Less is More: Focusing Your Third-Party Vendor Risk Assessments on the Basics, we provided guidance for developing the list of questions to use when assessing the security posture of your third-party...
Mar 1, 2017 | Compliance, New York Cyber 23 NYCRR 500
The financial industry is a prime target of cyber attacks. To keep pace with new threats, new regulations must be created. As of March 1, New York is the first state to implement regulations specific to cybersecurity. With 23 NYCRR 500, New York State Department of...
Feb 7, 2017 | Compliance, New York Cyber 23 NYCRR 500
Updated: 11/02/2017
A New Standard, 23 NYCRR 500
New York State is implementing broad-reaching regulations to protect its financial institutions. Titled “Cybersecurity Requirements for Financial Services Companies”, this set of regulations builds on NIST 800-53 to...