NYDFS Compliance Cybersecurity Assessment
In cybersecurity since 2003, ScienceSoft helps BFSI companies operating in New York state evaluate and achieve compliance with the NYDFS Cybersecurity Regulation.
Schedule a call
NYDFS compliance cybersecurity assessment is aimed to show how well a company meets the latest NYDFS Cybersecurity Regulation requirements at the strategic, administrative, and technical levels. It involves the review of the existing security program, policies, and measures to help discover and close the existing compliance gaps. It may also include risk assessment, penetration testing, and vulnerability assessment, which are integral to the NYDFS cybersecurity requirements.
Who Needs NYDFS Cybersecurity Assessment
The NYDFS Cybersecurity Regulation applies to all the DFS-regulated entities operating in New York state as well as third-party service providers servicing these regulated entities. ScienceSoft is ready to conduct NYDFS cybersecurity assessment for:
Banking institutions
- Banks and trust companies.
- Domestic representative offices.
- Agencies, branches, representative offices of foreign banking organizations.
- Private bankers.
- Mortgage bankers.
- Credit unions.
- Investment companies.
- Savings banks and savings & loan associations.
Insurance service providers
- Health insurers (including non-profit health services, medical/dental expense indemnity corporations, HMOs).
- Life insurers (including public pension funds, fraternal benefit societies, retirement systems, annuity societies, life settlement companies, union welfare funds).
- Property and casualty insurers.
- Reinsurance companies, and more.
Other financial service providers
- Virtual currency businesses.
- Licensed lenders.
- Budget planners.
- Check cashers.
- Mortgage brokers.
- Money transmitters.
- Consumer credit reporting agencies.
- Service contract providers.
- Safe deposit companies.
- Holding companies.
- Premium finance agencies.
- Charitable foundations, and more.
How Our NYDFS Cybersecurity Assessment Unfolds
Step 1
Taking into account the latest amendments to the NYDFS Cybersecurity Regulation, we analyze:
Compliance scope
We define the data, software, and IT infrastructure components that influence your NYDFS compliance.
Cybersecurity team
We review the composition of your cybersecurity team, the training and reporting policies.
Security program
Analyzing your overall security strategy, we verify your:
- Cybersecurity risk identification, assessment, and mitigation mechanisms.
- IT system and non-public information protection.
- Detection, mitigation, and reporting of cybersecurity incidents, and more.
Security policies
We review all the specific security practices required by NYDFS:
- IT asset inventory and management.
- Data governance: classification, retention, deletion.
- Access controls and identity management.
- Vendor and third-party service provider management.
- Software and network security.
- Security monitoring and testing.
- Risk assessment, incident response, disaster recovery.
Step 2
We document the detected compliance gaps and deliver a comprehensive roadmap for the necessary improvements to fully comply with the NYDFS Cybersecurity Regulation.
Step 3
At the customer’s request, we implement all the required remediation measures.
According to the amended NYDFS Cybersecurity Regulation, a company must undergo regular risk assessment (once a year as a minimum, according to the proposed amendments), penetration testing at least once a year, and vulnerability assessment — at least twice a year. It is also important to keep up with the latest amendments introduced to the NYDFS regulations and promptly involve reliable regulatory consultants to help you stay compliant.
Deliverables You Get After NYDFS Compliance Cybersecurity Assessment
ScienceSoft is ready to provide detailed reports describing your company’s current security posture and the measures needed to achieve compliance with the NYDFS Cybersecurity Regulation. Depending on the scope of our services, they may include:
|
|
Compliance scope report with the inventory of data, software, and IT infrastructure components that influence your NYDFS compliance. |
|
|
Report on the existing security policies with improvement recommendations. |
|
|
Penetration testing and vulnerability assessment reports with the description and prioritization of the detected vulnerabilities and the required corrective measures to fix them. |
|
|
Report on employee compliance awareness, including social engineering campaign results. |
|
|
Risk assessment report describing the potential threats, vulnerabilities, the likelihood and impact of their exploitation. |
|
|
Gap analysis report comparing the as-is state against the required compliance state. |
|
|
A comprehensive roadmap for the strategic and tactical measures required to ensure full compliance with the NYDFS Cybersecurity Regulation. |
Why ScienceSoft
- 20 years in cybersecurity, a solid portfolio of successfully completed projects.
- 18 years of experience in IT services for banking and finance, 11 years – for the insurance industry.
- Seasoned compliance consultants, IT security engineers, and Certified Ethical Hackers on board.
- Mature quality management and customers’ data security ensured by ISO 9001 and ISO 27001 certificates.
- Recognized as Top Penetration Testing Company by Clutch.
- For the second straight year, ScienceSoft USA Corporation is listed among The Americas’ Fastest-Growing Companies by the Financial Times.
Trusted by global brands:
Major NYDFS Compliance Cybersecurity Assessment Concerns We Handle
Challenge 1
It is difficult to find a competent vendor who combines cybersecurity expertise, experience in the BFSI industry, and knowledge of NY-specific regulations.
Answer
Answer
After 17 years of providing IT services to the banking and financial services industry, we deeply understand BFSI specifics and stay aware of the latest domain regulations. As a software development and IT consulting company, we know how to secure software and IT infrastructure against the latest cyber threats. And finally, we can competently handle the NYDFS cybersecurity requirements as they are based on the NIST 800-53 framework that we have been mastering for years.
HIDE
Challenge 2
A high-level assessment that will only state our NYDFS compliance level is not enough. We need actionable insights and real improvements in our IT security.
Answer
Answer
ScienceSoft’s assessment is followed by actionable guidance at the strategic and technical levels. To ensure both NYDFS compliance and reliable protection of your IT assets, we offer practical help:
- Adjusting your existing security policies or designing them from scratch.
- Implementing technical security controls that will work best for your specific IT environment.
- Scheduling and conducting regular risk assessment, penetration testing, and vulnerability assessment to keep you protected against emerging cyber threats.
- Checking and helping enhance your employees’ cyber awareness through social engineering campaigns, security training, and more.
HIDE
On Guard of BFSI Security: ScienceSoft’s Selected Projects
AWS Cloud Security Assessment and Recurring Infrastructure Pentesting for a US Insurance Company
As a part of a long-term security partnership, ScienceSoft performed two annual penetration tests of the IT infrastructure and AWS cloud security assessment for a US insurance company. Following ScienceSoft’s recommendations, the Customer managed to achieve and maintain a high security level of its IT environment.
Pentesting of Blockchain Software and IT Infrastructure for a Fintech Company
ScienceSoft performed black box and gray box penetration testing for a US fintech company that delivers Bitcoin wallets, crypto ATM solutions, and other blockchain software. As a result, the Customer enhanced the security of its mobile and web applications and reliably protected its IT infrastructure.
Web Application Penetration Testing for a European Bank
ScienceSoft performed black box penetration tests of web applications for a bank with $300M+ in total assets and more than 40 national branches. The testers revealed 4 types of vulnerabilities and drew up a detailed remediation plan to ensure reliable protection of sensitive payment information.
Web Platform Pentesting and Data Breach Consulting for a Trading Services Provider
ScienceSoft performed gray box penetration testing of a trading platform. Pentesting was following a data breach and was aimed to investigate its causes and help report the breach mitigation efforts to the regulatory authorities on time.
API Security Testing for a European Bank
ScienceSoft's Certified Ethical Hackers conducted black box pentesting and security code review of an API for a European bank with $400M+ in assets and more than 100 physical branches across the country.
Choose Your Service Option
Full assessment
We apply our expertise in regulatory compliance and IT security management to thoroughly check each aspect required by the NYDFS Cybersecurity Regulation and offer the necessary improvements.
Assessment against the latest NYDFS amendments
Laser-focusing on the changes to be brought by the latest amendments, we help proactively implement the required measures and stay compliant.
Assessment and remediation
We guide you through every step to NYDFS Cybersecurity compliance, taking over all the required assessment and remediation activities.
Invest in NYDFS Cybersecurity Compliance Now or Pay More Later
|
$30M was the cybersecurity compliance breach penalty levied by NYDFS on a crypto trading service provider in 2022. |
$5.72M is the average cost of a data breach in the financial industry, according to the IBM Cost of a Data Breach Report 2022. |