by John Verry | Aug 16, 2018 | InfoSec Strategies
Entities registered with New York State’s Department of Financial Services (NYDFS) are subject to compliance with the 23 NYCRR 500 (aka “Part 500” or “NYDFS 500”) cybersecurity regulation, and a new deadline is fast approaching. Entities who must comply include: Bank...
by John Verry | Jul 31, 2018 | InfoSec Strategies
The National Association of Insurance Commissioners’ (NAIC) adopted the Insurance Data Security Model Law in October 2017. It establishes minimum standards for data security applicable to insurance providers. I believe this legislation will have a significant impact...
by Jeremy Sporn | Mar 16, 2018 | ISMS Consulting
“Covered Entities” that have not yet submitted a certification of compliance for the New York Department of Financial Services’ NYDFS 500 Cybersecurity Regulation (also known as 23 NYCRR 500) received a none-too-gentle “reminder” earlier this month that they need to...
by Jeremy Sporn | Feb 15, 2018 | ISMS Consulting
We are often asked, “What is the best first step to move towards GDPR compliance for US-based organizations?”. The answer: Privacy Shield. How Does GDPR Affect US Companies? US companies have no legal ground to stand on for GDPR compliance. Privacy laws...
by Jeremy Sporn | Sep 22, 2017 | InfoSec Strategies
What Happened? We now know the Equifax data breach, which impacts almost 60% of the US adult population, was preceded by another breach or series of breaches of unknown magnitude back in March. We also know the July mega breach exploited a flaw in third-party code...
