Cybersecurity: How The New NYDFS Regulation Would Impact Large Companies

This is the fifth post in a series of blog posts that analyze certain major proposed changes in the New York Department of Financial Services (“NYDFS”) Cybersecurity Regulation.

The proposed regulation redefines large or “Class A” companies under section 500.1(c) as:

- companies with over 2,000 employees (which includes affiliates and without regard to location); or
- companies with one billion in annual gross revenue (which includes affiliates and without regard to location) in each of the past two years.

Five new obligations for large companies:

- conducting an annual independent audit (500.2(c));
- conducting systemic scans or reviews of a company’s information systems at least weekly (500.5(a)(2));
- monitoring privileged access activity and adopting secure access controls (500.7(b));
- using external experts to conduct a risk assessment at least once every three years (500.9(d)); and
- using secure controls or tools, including an endpoint detection and response solution to monitor anomalous activity and a solution that centralizes logging and security event alerting (500.14(b)).
