Let's Talk

About

Company

About Company
Leadership
Experts
Clients
Our Partners
Locations

Approach

Development Process
Security Management
Quality Management
Sustainability Policy
Privacy Policy
Terms of Use

Recognition

Testimonials
Awards

Join Us

Technology Partnership
Become Our Agent
Careers
Referral Program

Press Room

Press Inquiries
News

Services

Software Development
Testing and QA
Application Services
UI/UX Design
Infrastructure Services
Data Analytics
Digital Transformation
Managed IT Services
IT Outsourcing
IT Consulting
IT Support
Cybersecurity

Solutions

Solutions

CRM
Marketing & Advertising
Human Resources
eLearning
Document Management
Supply Chain Management
Fleet Management
Kiosk Software
ERP
Operations Management
Financial Management
Asset Management
Project Management
Data Analytics
Ecommerce
Web Portals
CMS

Industries

Healthcare
Banking, Financial Services, and Insurance
Manufacturing
Professional Services
Retail
Transportation and Logistics
Telecommunications
Oil & Gas

Technologies

Programming

Java
.NET
Python
PHP
Golang
C++
Node.js
JavaScript
React Native
Mobile

Trending

Cloud
Internet of Things
Big Data
Data Science
Artificial Intelligence
Blockchain
Virtual Reality
Augmented Reality
Computer Vision

Platforms

Microsoft
Azure
Power Apps
Dynamics 365
SharePoint and Office 365
Power BI
Amazon Web Services
Adobe Commerce
ServiceNow®
Salesforce
Pimcore
Case Studies
Pricing
Blog
Let's Talk
+1 214 306 68 37

Can't find what you need?

NYDFS Compliance Cybersecurity Assessment

In cybersecurity since 2003, ScienceSoft helps BFSI companies operating in New York state evaluate and achieve compliance with the NYDFS Cybersecurity Regulation.

Request NYDFS Compliance Assessment
NYDFS Compliance Cybersecurity Assessment – ScienceSoft
NYDFS Compliance Cybersecurity Assessment – ScienceSoft
Table of contents

Whom we serve

Assessment scope

Deliverables

Success stories

Service options

NYDFS compliance cybersecurity assessment is aimed to show how well a company meets the latest NYDFS Cybersecurity Regulation requirements at the strategic, administrative, and technical levels. It involves the review of the existing security program, policies, and measures to help discover and close the existing compliance gaps. It may also include risk assessment, penetration testing, and vulnerability assessment, which are integral to the NYDFS cybersecurity requirements.

Who Needs NYDFS Cybersecurity Assessment

The NYDFS Cybersecurity Regulation applies to all the DFS-regulated entities operating in New York state as well as third-party service providers servicing these regulated entities. ScienceSoft is ready to conduct NYDFS cybersecurity assessment for:

Banking institutions

  • Banks and trust companies.
  • Domestic representative offices.
  • Agencies, branches, representative offices of foreign banking organizations.
  • Private bankers.
  • Mortgage bankers.
  • Credit unions.
  • Investment companies.
  • Savings banks and savings & loan associations.

Insurance service providers

  • Health insurers (including non-profit health services, medical/dental expense indemnity corporations, HMOs).
  • Life insurers (including public pension funds, fraternal benefit societies, retirement systems, annuity societies, life settlement companies, union welfare funds).
  • Property and casualty insurers.
  • Reinsurance companies, and more.

Other financial service providers

  • Virtual currency businesses.
  • Licensed lenders.
  • Budget planners.
  • Check cashers.
  • Mortgage brokers.
  • Money transmitters.
  • Consumer credit reporting agencies.
  • Service contract providers.
  • Safe deposit companies.
  • Holding companies.
  • Premium finance agencies.
  • Charitable foundations, and more.

How Our NYDFS Cybersecurity Assessment Unfolds

Step 1

Taking into account the latest amendments to the NYDFS Cybersecurity Regulation, we analyze:

Compliance scope

We define the data, software, and IT infrastructure components that influence your NYDFS compliance.

Cybersecurity team

We review the composition of your cybersecurity team, the training and reporting policies.

Security program

Analyzing your overall security strategy, we verify your:

  • Cybersecurity risk identification, assessment, and mitigation mechanisms.
  • IT system and non-public information protection.
  • Detection, mitigation, and reporting of cybersecurity incidents, and more.

Security policies

We review all the specific security practices required by NYDFS:

  • IT asset inventory and management.
  • Data governance: classification, retention, deletion.
  • Access controls and identity management.
  • Vendor and third-party service provider management.
  • Software and network security.
  • Security monitoring and testing.
  • Risk assessment, incident response, disaster recovery.

Step 2

We document the detected compliance gaps and deliver a comprehensive roadmap for the necessary improvements to fully comply with the NYDFS Cybersecurity Regulation.

Step 3

At the customer’s request, we implement all the required remediation measures.

ScienceSoft’s Penetration Testing Consultant, CEH Uladzislau Murashka reminds:

According to the amended NYDFS Cybersecurity Regulation, a company must undergo regular risk assessment (once a year as a minimum, according to the proposed amendments), penetration testing at least once a year, and vulnerability assessment — at least twice a year. It is also important to keep up with the latest amendments introduced to the NYDFS regulations and promptly involve reliable regulatory consultants to help you stay compliant.

Deliverables You Get after NYDFS Compliance Cybersecurity Assessment

ScienceSoft is ready to provide detailed reports describing your company’s current security posture and the measures needed to achieve compliance with the NYDFS Cybersecurity Regulation. Depending on the scope of our services, they may include:

  • Compliance scope report with the inventory of data, software, and IT infrastructure components that influence your NYDFS compliance.
  • Report on the existing security policies with improvement recommendations.
  • Penetration testing and vulnerability assessment reports with the description and prioritization of the detected vulnerabilities and the required corrective measures to fix them.
  • Report on employee compliance awareness, including social engineering campaign results.
  • Risk assessment report describing the potential threats, vulnerabilities, the likelihood and impact of their exploitation.
  • Gap analysis report comparing the as-is state against the required compliance state.
  • A comprehensive roadmap for the strategic and tactical measures required to ensure full compliance with the NYDFS Cybersecurity Regulation.

Our Customers Say

Khalid Ahadov

Executive Director

ScienceSoft proved to be a reliable and agile technology partner. We especially appreciate their professional approach to security issues, which were among our main concerns due to strict regulations.

Rostyslav-Pavlo Shemeliak

Vice-President

We are fully satisfied with our partnership with ScienceSoft. Their team provided penetration testing in a timely and professional manner and gave us valuable recommendations on improving the security of our web apps and the external IP address.

Read Original

Juhani Onkalo

Head of eBanking

The team has been delivering results within budget and time. I’m absolutely satisfied with the quality of their services, their development skills and responsibility as well as the way they manage communication with us and our clients. I fully recommend ScienceSoft as a reliable IT partner!

Read Original

Why ScienceSoft

  • 19 years in cybersecurity, a solid portfolio of 200+ successfully completed projects.
  • 17 years of experience in IT services for banking and finance, 10 years – for the insurance industry.
  • Seasoned compliance consultants, IT security engineers, and Certified Ethical Hackers on board.
  • Mature quality management and customers’ data security ensured by ISO 9001 and ISO 27001 certificates.
  • Recognized as Top Penetration Testing Company by Clutch.
  • ScienceSoft USA Corporation is listed among The Americas’ Fastest-Growing Companies 2022 by Financial Times.

Trusted by global brands:

Major NYDFS Compliance Cybersecurity Assessment Concerns We Handle

Challenge 1

It is difficult to find a competent vendor who combines cybersecurity expertise, experience in the BFSI industry, and knowledge of NY-specific regulations

Answer

Answer: After 17 years of providing IT services to the banking and financial services industry, we deeply understand BFSI specifics and stay aware of the latest domain regulations. As a software development and IT consulting company, we know how to secure software and IT infrastructure against the latest cyber threats. And finally, we can competently handle the NYDFS cybersecurity requirements as they are based on the NIST 800-53 framework that we have been mastering for years.

Hide

Challenge 2

A high-level assessment that will only state our NYDFS compliance level is not enough. We need actionable insights and real improvements in our IT security

Answer

Answer: ScienceSoft’s assessment is followed by actionable guidance at the strategic and technical levels. To ensure both NYDFS compliance and reliable protection of your IT assets, we offer practical help:

  • Adjusting your existing security policies or designing them from scratch.
  • Implementing technical security controls that will work best for your specific IT environment.
  • Scheduling and conducting regular risk assessment, penetration testing, and vulnerability assessment to keep you protected against emerging cyber threats.
  • Checking and helping enhance your employees’ cyber awareness through social engineering campaigns, security training, and more.

Hide

On Guard of BFSI Security: ScienceSoft’s Selected Projects

AWS Cloud Security Assessment and Recurring Infrastructure Pentesting for a US Insurance Company

AWS Cloud Security Assessment and Recurring Infrastructure Pentesting for a US Insurance Company

As a part of a long-term security partnership, ScienceSoft performed two annual penetration tests of the IT infrastructure and AWS cloud security assessment for a US insurance company. Following ScienceSoft’s recommendations, the Customer managed to achieve and maintain a high security level of its IT environment.

Project details
Pentesting of Blockchain Software and IT Infrastructure for a Fintech Company

Pentesting of Blockchain Software and IT Infrastructure for a Fintech Company

ScienceSoft performed black box and gray box penetration testing for a US fintech company that delivers Bitcoin wallets, crypto ATM solutions, and other blockchain software. As a result, the Customer enhanced the security of its mobile and web applications and reliably protected its IT infrastructure.

Project details
Web Application Penetration Testing for a European Bank

Web Application Penetration Testing for a European Bank

ScienceSoft performed black box penetration tests of web applications for a bank with $300M+ in total assets and more than 40 national branches. The testers revealed 4 types of vulnerabilities and drew up a detailed remediation plan to ensure reliable protection of sensitive payment information.

Project details
Web Platform Pentesting and Data Breach Consulting for a Trading Services Provider

Web Platform Pentesting and Data Breach Consulting for a Trading Services Provider

ScienceSoft performed gray box penetration testing of a trading platform. Pentesting was following a data breach and was aimed to investigate its causes and help report the breach mitigation efforts to the regulatory authorities on time.

Project details
API Security Testing for a European Bank

API Security Testing for a European Bank

ScienceSoft's Certified Ethical Hackers conducted black box pentesting and security code review of an API for a European bank with $400M+ in assets and more than 100 physical branches across the country.

Project details

Service Options

Full assessment

We bring in our expertise in regulatory compliance and IT security management to thoroughly check each aspect required by the NYDFS Cybersecurity Regulation and offer the necessary improvements.

Go for Full Assessment

Assessment against the latest NYDFS amendments

Laser-focusing on the changes to be brought by the latest amendments, we help proactively implement the required measures and stay compliant.

Go for Targeted Assessment

Assessment and remediation

We guide you through every step to NYDFS Cybersecurity compliance, taking over all the required assessment and remediation activities.

Go for Assessment and Remediation

Invest in NYDFS Cybersecurity Compliance Now or Pay More Later

$30M

was the cybersecurity compliance breach penalty levied by NYDFS on a crypto trading service provider in 2022.

$5.72M

is the average cost of a data breach in the financial industry, according to the IBM Cost of a Data Breach Report 2022.

We Know How to Secure Your IT – and Prove It to NYDFS

ScienceSoft’s security experts are here to help you promptly implement the cybersecurity controls required by the NYDFS Cybersecurity Regulation. Reach out to our team to stay compliant and protect your IT assets against the latest security threats.

I’M INTERESTED

All about Cybersecurity

Services

Cybersecurity Services
Cybersecurity Consulting
Security Program Development
Identity and Access Management
Managed Security Services

Penetration Testing

Penetration Testing Services
Penetration Testing Costs
Network Penetration Testing

Application Security

Application Security Consulting
Application Security Assessment

IBM QRadar SIEM

IBM Security QRadar
Tools for IBM QRadar

IBM QRadar Tools: Deployment & Environment

QWAD WinCollect Assisted Deployment
QMLA Missing Logs Alert
QSSA Slow Search Alert
QLED Log Source EPS Details
QFSO Find Similar Offenses
QEFC Exclude From Correlation

Security Testing

Security Testing Services
DDoS Testing Services
Social Engineering Testing
Security Testing Guide

Vulnerability Assessment

Vulnerability Assessment Services
Network Vulnerability Assessment
Managed Vulnerability Assessment

Cloud Security

Cloud Security Consulting
Cloud Security Assessment

IBM QRadar Tools: Analytics & Reporting

QLEAN for QRadar Tuning & Health Check
QLEAN Demo
QLEAN Metrics Description
QLEAN Newsletter
QLEAN Legal Information
QSM Session Manager
QIN Incident Notifier
QOR Offense Reporter
QLSI Log Source Inventory

IBM QRadar Tools: MITRE ATT&CK

MITRE Windows Integration App
MITRE Linux Integration App
Linux MITRE ATTACK Rules

Compliance Services

Compliance Assessment
HIPAA Compliance
PCI Compliance
PCI Compliance Consulting

NYDFS Compliance Assessment You are here icon

Security Assessment

Security Assessment Services
IT Security Audit
IT Risk Assessment
Remote Work Security Assessment
Medical Device Security Assessment

Security Information and Event Management

Professional SIEM Services
ScienceSoft's SIEM Solution
APT Protection
ATM Security Protection
SIEM Materials to Download

IBM QRadar Tools: Data Integration

QMEA Microsoft Exchange Audit
QVTI Virus Total Integration
QDATA LDAP Data Enrichment
QTOR Darknet Monitoring
QDGA DGA Analyzer

Share:

facebook twitter linkedin