by John Verry | Aug 16, 2018 | InfoSec Strategies
Entities registered with New York State’s Department of Financial Services (NYDFS) are subject to compliance with the 23 NYCRR 500 (aka “Part 500” or “NYDFS 500”) cybersecurity regulation, and a new deadline is fast approaching. Entities who must comply include: Bank...
by John Verry | Aug 7, 2018 | Government
The most significant privacy regulation enacted to date, the EU’s GDPR, still feels “over the horizon” to many US firms. For companies that have delayed privacy initiatives, it’s still easy to “risk rationalize” away the need to comply with GDPR. After all, there have...
by Jeremy Sporn | Mar 16, 2018 | ISMS Consulting
“Covered Entities” that have not yet submitted a certification of compliance for the New York Department of Financial Services’ NYDFS 500 Cybersecurity Regulation (also known as 23 NYCRR 500) received a none-too-gentle “reminder” earlier this month that they need to...
by Chris Banta | Dec 13, 2017 | InfoSec Strategies
We see plenty of organizations that are compliant—but not secure. Yet rarely, if ever, do we find an organization to be secure but not in compliance. Cybersecurity regulators care about compliance, but hackers are opportunistic and the slightest risk can lead to a...
by Jeremy Sporn | Nov 30, 2017 | ISMS Consulting
The Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) is steadily gaining traction in the healthcare industry, with major players like Anthem, Highmark, Humana and UnitedHealth Group requiring their business associates (BAs) to obtain HISTUST...
