NYDFS Compliance Cybersecurity Assessment
In cybersecurity since 2003, ScienceSoft helps BFSI companies operating in New York state evaluate and achieve compliance with the NYDFS Cybersecurity Regulation.
An NYDFS compliance cybersecurity assessment aims to show how well a company meets the latest NYDFS Cybersecurity Regulation requirements at the strategic, administrative, and technical levels. It involves a review of the existing security program, policies, and measures to help discover and close compliance gaps. It may also include risk assessment, penetration testing, and vulnerability assessment, which are integral to the NYDFS cybersecurity requirements.
Who Needs NYDFS Cybersecurity Assessment
The NYDFS Cybersecurity Regulation applies to all DFS-regulated entities operating in New York state, as well as to third-party service providers that serve these regulated entities. ScienceSoft is ready to conduct an NYDFS cybersecurity assessment for:
Banking institutions
- Banks and trust companies.
- Domestic representative offices.
- Agencies, branches, representative offices of foreign banking organizations.
- Private bankers.
- Mortgage bankers.
- Credit unions.
- Investment companies.
- Savings banks and savings & loan associations.
Insurance service providers
- Health insurers (including non-profit health services, medical/dental expense indemnity corporations, HMOs).
- Life insurers (including public pension funds, fraternal benefit societies, retirement systems, annuity societies, life settlement companies, union welfare funds).
- Property and casualty insurers.
- Reinsurance companies, and more.
Other financial service providers
- Virtual currency businesses.
- Licensed lenders.
- Budget planners.
- Check cashers.
- Mortgage brokers.
- Money transmitters.
- Consumer credit reporting agencies.
- Service contract providers.
- Safe deposit companies.
- Holding companies.
- Premium finance agencies.
- Charitable foundations, and more.
How Our NYDFS Cybersecurity Assessment Unfolds
Step 1
Taking into account the latest amendments to the NYDFS Cybersecurity Regulation, we analyze:
Compliance scope
We define the data, software, and IT infrastructure components that influence your NYDFS compliance.
Cybersecurity team
We review the composition of your cybersecurity team, as well as the training and reporting policies.
Security program
Analyzing your overall security strategy, we verify your:
- Cybersecurity risk identification, assessment, and mitigation mechanisms.
- IT system and non-public information protection.
- Detection, mitigation, and reporting of cybersecurity incidents, and more.
Security policies
We review all the specific security practices required by NYDFS:
- IT asset inventory and management.
- Data governance: classification, retention, deletion.
- Access controls and identity management.
- Vendor and third-party service provider management.
- Software and network security.
- Security monitoring and testing.
- Risk assessment, incident response, disaster recovery.
Step 2
We document the detected compliance gaps and deliver a comprehensive roadmap for the necessary improvements to fully comply with the NYDFS Cybersecurity Regulation.
Step 3
At the customer’s request, we implement all the required remediation measures.
ScienceSoft’s Penetration Testing Consultant, CEH Uladzislau Murashka reminds: According to the amended NYDFS Cybersecurity Regulation, a company must undergo regular risk assessment (once a year as a minimum, according to the proposed amendments), penetration testing at least once a year, and vulnerability assessment — at least twice a year. It is also important to keep up with the latest amendments introduced to the NYDFS regulations and promptly involve reliable regulatory consultants to help you stay compliant.
Deliverables You Get after NYDFS Compliance Cybersecurity Assessment
ScienceSoft is ready to provide detailed reports describing your company’s current security posture and the measures needed to achieve compliance with the NYDFS Cybersecurity Regulation. Depending on the scope of our services, they may include:
- Compliance scope report with the inventory of data, software, and IT infrastructure components that influence your NYDFS compliance.
- Report on the existing security policies with improvement recommendations.
- Penetration testing and vulnerability assessment reports with the description and prioritization of the detected vulnerabilities and the required corrective measures to fix them.
- Report on employee compliance awareness, including social engineering campaign results.
- Risk assessment report describing the potential threats, vulnerabilities, the likelihood and impact of their exploitation.
- Gap analysis report comparing the as-is state against the required compliance state.
- A comprehensive roadmap for the strategic and tactical measures required to ensure full compliance with the NYDFS Cybersecurity Regulation.
Why ScienceSoft
- 19 years in cybersecurity, a solid portfolio of 200+ successfully completed projects.
- 17 years of experience in IT services for banking and finance, 10 years – for the insurance industry.
- Seasoned compliance consultants, IT security engineers, and Certified Ethical Hackers on board.
- Mature quality management and customers’ data security ensured by ISO 9001 and ISO 27001 certificates.
- Recognized as Top Penetration Testing Company by Clutch.
- ScienceSoft USA Corporation is listed among The Americas’ Fastest-Growing Companies 2022 by Financial Times.
Major NYDFS Compliance Cybersecurity Assessment Concerns We Handle
Challenge 1
It is difficult to find a competent vendor who combines cybersecurity expertise, experience in the BFSI industry, and knowledge of NY-specific regulations.
Challenge 2
A high-level assessment that will only state our NYDFS compliance level is not enough. We need actionable insights and real improvements in our IT security.
Service Options
Full assessment
We bring in our expertise in regulatory compliance and IT security management to thoroughly check each aspect required by the NYDFS Cybersecurity Regulation and offer the necessary improvements.
Assessment against the latest NYDFS amendments
Laser-focusing on the changes to be brought by the latest amendments, we help proactively implement the required measures and stay compliant.
Assessment and remediation
We guide you through every step to NYDFS Cybersecurity compliance, taking over all the required assessment and remediation activities.
Invest in NYDFS Cybersecurity Compliance Now or Pay More Later
$30M was the cybersecurity compliance breach penalty levied by NYDFS on a crypto trading service provider in 2022.
$5.72M is the average cost of a data breach in the financial industry, according to the IBM Cost of a Data Breach Report 2022.