ISF Supports New York State Department of Financial Services Cyber Security Requirements

NEW YORK - April 27, 2017 - PRLog -- As cyber security increasingly becomes a national security issue, governments are taking a more active role in defining responses to cyber threats. In an initiative to protect New York's financial services industry, Governor Andrew Cuomo recently introduced a new State regulation (23 NYCRR 500) to protect consumers and financial institutions from cyber-attacks. Effective March 1, this risk-driven regulation requires all financial services institutions regulated by the New York Department of Financial Services (DFS) to establish and maintain a cyber security program that will protect both customers' private data and the technology that supports this.

In an effort to support the New York State DFS cyber security requirements, the Information Security Forum (ISF) today announced the creation of a mapping between the DFS regulation and the ISF's research, tools and methodologies to aid DFS compliance. The mapping aids DFS compliance by showing which elements of the ISF's comprehensive library of good practice can be deployed to satisfy each of the DFS requirements. This good practice comprises:

·         A business-driven approach for identifying information risk in a manner that reflects risk appetite and recognizes compliance requirements (such as the DFS regulation), using Information Risk Assessment Methodology 2 (https://www.securityforum.org/tool/information-risk-asses...) (IRAM2)

·         Detailed guidance on specific controls that can be applied to mitigate information risk and enhance cyber resilience (including those specifically referenced by the DFS regulation, such as enhanced Access Control), captured in one place – The Standard of Good Practice for Information Security (https://www.securityforum.org/tool/the-isf-standardrmatio...) (the Standard)

·         Topic-specific 'deeper dive' material that provides further implementation guidance in areas of particular importance to cyber security, such as threat intelligence and application security

"New York is one of the financial centers of the world and this step is being taken to ensure that organizations that conduct business in New York are actually being compliant and are really facing up to the obligations that they have to protect information whether it be of a personal or financial transaction nature," said Steve Durbin, Managing Director, ISF. "With our latest mapping, ISF members now have the good practice, assessment tools and 'how to' guidance that supports DFS compliance. The ISF can assist organizations by partnering to implement these resources in a way that enables businesses to comply with the regulation while respecting important elements – such as your organizational risk appetite and business culture."

While the ISF has created a mapping between the DFS regulation and the ISF's research, tools and methodologies to aid DFS compliance, the organization recognizes that many businesses lack the time, resources or in-house expertise to deliver this business essential project. ISF Consultancy Services are available to provide independent and objective guidance that unleash the full potential of ISF deliverables in a way that is pragmatic and cost-efficient. ISF Consultancy Services provide organizations with a variety of business solutions which are tailored to meet their immediate business requirements. ISF consultants provide customized, professional support and training to strengthen an organization's cyber resilience and information risk management arrangements, therefore equipping them to respond to rapidly evolving security threats.

ISF Consultancy Services support a pragmatic, efficient cost effective approach on-site approach for businesses around the world. For more information on how ISF Consultancy Services can help your organization meet the DFS regulation, please visit https://www.securityforum.org/consultancy-services/.

About the Information Security Forum

Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. The organization is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions.By working together, ISF Members avoid the major expenditure required to reach the same goals on their own. Consultancy services are available and provide ISF Members and Non-Members with the opportunity to purchase short-term, professional support activities to supplement the implementation of ISF products.

For more information on ISF membership, please visit https://www.securityforum.org/.