NYDFS Compliance Cybersecurity Assessment
In cybersecurity since 2003, ScienceSoft helps BFSI companies operating in New York state evaluate and achieve compliance with the NYDFS Cybersecurity Regulation.
A NYDFS compliance cybersecurity assessment shows how well a company meets the latest NYDFS Cybersecurity Regulation requirements at the strategic, administrative, and technical levels. It involves reviewing the existing security program, policies, and measures to help discover and close compliance gaps. It may also include risk assessment, penetration testing, and vulnerability assessment, which are integral to the NYDFS cybersecurity requirements.
Who Needs NYDFS Cybersecurity Assessment
The NYDFS Cybersecurity Regulation applies to all the DFS-regulated entities operating in New York state as well as third-party service providers servicing these regulated entities. ScienceSoft is ready to conduct NYDFS cybersecurity assessment for:
- Banks and trust companies.
- Domestic representative offices.
- Agencies, branches, representative offices of foreign banking organizations.
- Private bankers.
- Mortgage bankers.
- Credit unions.
- Investment companies.
- Savings banks and savings & loan associations.
Insurance service providers
- Health insurers (including non-profit health services, medical/dental expense indemnity corporations, HMOs).
- Life insurers (including public pension funds, fraternal benefit societies, retirement systems, annuity societies, life settlement companies, union welfare funds).
- Property and casualty insurers.
- Reinsurance companies, and more.
Other financial service providers
- Virtual currency businesses.
- Licensed lenders.
- Budget planners.
- Check cashers.
- Mortgage brokers.
- Money transmitters.
- Consumer credit reporting agencies.
- Service contract providers.
- Safe deposit companies.
- Holding companies.
- Premium finance agencies.
- Charitable foundations, and more.
How Our NYDFS Cybersecurity Assessment Unfolds
Taking into account the latest amendments to the NYDFS Cybersecurity Regulation, we analyze:
We define the data, software, and IT infrastructure components that influence your NYDFS compliance.
We review the composition of your cybersecurity team, the training and reporting policies.
Analyzing your overall security strategy, we verify your:
- Cybersecurity risk identification, assessment, and mitigation mechanisms.
- IT system and non-public information protection.
- Detection, mitigation, and reporting of cybersecurity incidents, and more.
We review all the specific security practices required by NYDFS:
- IT asset inventory and management.
- Data governance: classification, retention, deletion.
- Access controls and identity management.
- Vendor and third-party service provider management.
- Software and network security.
- Security monitoring and testing.
- Risk assessment, incident response, disaster recovery.
We document the detected compliance gaps and deliver a comprehensive roadmap for the necessary improvements to fully comply with the NYDFS Cybersecurity Regulation.
At the customer’s request, we implement all the required remediation measures.
ScienceSoft’s Penetration Testing Consultant, CEH Uladzislau Murashka, notes:
According to the amended NYDFS Cybersecurity Regulation, a company must undergo regular risk assessment (once a year as a minimum, according to the proposed amendments), penetration testing at least once a year, and vulnerability assessment — at least twice a year. It is also important to keep up with the latest amendments introduced to the NYDFS regulations and promptly involve reliable regulatory consultants to help you stay compliant.
Deliverables You Get after NYDFS Compliance Cybersecurity Assessment
ScienceSoft is ready to provide detailed reports describing your company’s current security posture and the measures needed to achieve compliance with the NYDFS Cybersecurity Regulation. Depending on the scope of our services, they may include:
- Compliance scope report with the inventory of data, software, and IT infrastructure components that influence your NYDFS compliance.
- Report on the existing security policies with improvement recommendations.
- Penetration testing and vulnerability assessment reports with the description and prioritization of the detected vulnerabilities and the required corrective measures to fix them.
- Report on employee compliance awareness, including social engineering campaign results.
- Risk assessment report describing the potential threats, vulnerabilities, the likelihood and impact of their exploitation.
- Gap analysis report comparing the as-is state against the required compliance state.
- A comprehensive roadmap for the strategic and tactical measures required to ensure full compliance with the NYDFS Cybersecurity Regulation.
Our Customers Say
ScienceSoft proved to be a reliable and agile technology partner. We especially appreciate their professional approach to security issues, which were among our main concerns due to strict regulations.
We are fully satisfied with our partnership with ScienceSoft. Their team provided penetration testing in a timely and professional manner and gave us valuable recommendations on improving the security of our web apps and the external IP address.
Head of eBanking
The team has been delivering results within budget and time. I’m absolutely satisfied with the quality of their services, their development skills and responsibility as well as the way they manage communication with us and our clients. I fully recommend ScienceSoft as a reliable IT partner!
- 19 years in cybersecurity, a solid portfolio of 200+ successfully completed projects.
- 17 years of experience in IT services for banking and finance, 10 years – for the insurance industry.
- IBM Business Partner in Security Operations & Response since 2003.
- Seasoned compliance consultants, IT security engineers, and Certified Ethical Hackers on board.
- Mature quality management and customers’ data security ensured by ISO 9001 and ISO 27001 certificates.
- ScienceSoft USA Corporation is listed among The Americas’ Fastest-Growing Companies 2022 by Financial Times.
Major NYDFS Compliance Cybersecurity Assessment Concerns We Handle
It is difficult to find a competent vendor who combines cybersecurity expertise, experience in the BFSI industry, and knowledge of NY-specific regulations
Answer: After 17 years of providing IT services to the banking and financial services industry, we deeply understand BFSI specifics and stay aware of the latest domain regulations. As a software development and IT consulting company, we know how to secure software and IT infrastructure against the latest cyber threats. And finally, we can competently handle the NYDFS cybersecurity requirements as they are based on the NIST 800-53 framework that we have been mastering for years.
A high-level assessment that will only state our NYDFS compliance level is not enough. We need actionable insights and real improvements in our IT security
Answer: ScienceSoft’s assessment is followed by actionable guidance at the strategic and technical levels. To ensure both NYDFS compliance and reliable protection of your IT assets, we offer practical help:
- Adjusting your existing security policies or designing them from scratch.
- Implementing technical security controls that will work best for your specific IT environment.
- Scheduling and conducting regular risk assessment, penetration testing, and vulnerability assessment to keep you protected against emerging cyber threats.
- Checking and helping enhance your employees’ cyber awareness through social engineering campaigns, security training, and more.
On Guard of BFSI Security: ScienceSoft’s Selected Projects
AWS Cloud Security Assessment and Recurring Infrastructure Pentesting for a US Insurance Company
As a part of a long-term security partnership, ScienceSoft performed two annual penetration tests of the IT infrastructure and AWS cloud security assessment for a US insurance company. Following ScienceSoft’s recommendations, the Customer managed to achieve and maintain a high security level of its IT environment.
Pentesting of Blockchain Software and IT Infrastructure for a Fintech Company
ScienceSoft performed black box and gray box penetration testing for a US fintech company that delivers Bitcoin wallets, crypto ATM solutions, and other blockchain software. As a result, the Customer enhanced the security of its mobile and web applications and reliably protected its IT infrastructure.
Web Application Penetration Testing for a European Bank
ScienceSoft performed black box penetration tests of web applications for a bank with $300M+ in total assets and more than 40 national branches. The testers revealed 4 types of vulnerabilities and drew up a detailed remediation plan to ensure reliable protection of sensitive payment information.
Web Platform Pentesting and Data Breach Consulting for a Trading Services Provider
ScienceSoft performed gray box penetration testing of a trading platform. The pentest followed a data breach and aimed to investigate its causes and help report the breach mitigation efforts to the regulatory authorities on time.
API Security Testing for a European Bank
ScienceSoft's Certified Ethical Hackers conducted black box pentesting and security code review of an API for a European bank with $400M+ in assets and more than 100 physical branches across the country.
We bring in our expertise in regulatory compliance and IT security management to thoroughly check each aspect required by the NYDFS Cybersecurity Regulation and offer the necessary improvements.
Assessment against the latest NYDFS amendments
Laser-focusing on the changes to be brought by the latest amendments, we help proactively implement the required measures and stay compliant.
Assessment and remediation
We guide you through every step to NYDFS Cybersecurity compliance, taking over all the required assessment and remediation activities.
Invest in NYDFS Cybersecurity Compliance Now or Pay More Later
We Know How to Secure Your IT – and Prove It to NYDFS
ScienceSoft’s security experts are here to help you promptly implement the cybersecurity controls required by the NYDFS Cybersecurity Regulation. Reach out to our team to stay compliant and protect your IT assets against the latest security threats.