Information Security Forum Maps to New York State Department of Financial Services Cyber Security Requirements
April 2017 by Marc Jacob
As cyber security increasingly becomes a national security issue, governments are
taking a more active role in defining responses to cyber threats. In an initiative
to protect New York’s financial services industry, Governor Andrew Cuomo recently
introduced a new State regulation to protect
consumers and financial institutions from cyber-attacks. Effective March 1, this
risk-driven regulation requires all financial services institutions regulated by the
New York Department of Financial Services (DFS) to establish and maintain a cyber
security program that will protect both customers’ private data and the technology
that supports it.
In an effort to support the New York State DFS cyber security requirements, the
Information Security Forum (ISF, http://www.securityforum.org) today announced the
creation of a mapping between the DFS regulation and the ISF’s research, tools and
methodologies to aid DFS compliance. The mapping aids DFS compliance by showing
which elements of the ISF’s comprehensive library of good practice can be deployed
to satisfy each of the DFS requirements. This good practice comprises:
* A business-driven approach for identifying information risk in a manner that
reflects risk appetite and recognizes compliance requirements (such as the DFS
regulation), using Information Risk Assessment Methodology.
* Detailed guidance on specific controls that can be applied to mitigate
information risk and enhance cyber resilience (including those specifically
referenced by the DFS regulation, such as enhanced Access Control), captured in
one place.
* Topic-specific ‘deeper dive’ material that provides further implementation
guidance in areas of particular importance to cyber security, such as threat
intelligence and application security.
While the ISF has created a mapping between the DFS regulation and the ISF’s
research, tools and methodologies to aid DFS compliance, the organization recognizes
that many businesses lack the time, resources or in-house expertise to deliver this
business-essential project. ISF Consultancy Services are available to provide
independent and objective guidance that unleashes the full potential of ISF
deliverables in a way that is pragmatic and cost-efficient. ISF Consultancy Services
provide organizations with a variety of business solutions which are tailored to
meet their immediate business requirements. ISF consultants provide customized,
professional support and training to strengthen an organization’s cyber resilience
and information risk management arrangements, thereby equipping it to respond to
rapidly evolving security threats.