Zofia Buzz

Jul
06
New York's Credit Reporting Agencies (CRA) Must Comply with New Cyber Mandate

On June 25, 2018, any credit reporting agency (CRA) with “significant operations” in New York must register with the New York Department of Financial Services (NYDFS) and comply with the NYDFS cyber regulations under Part 500. CRAs must register by September 15, 2018. In addition to registering, CRAs must begin complying with New York’s cyber regulations as early as November 1, 2018. There are multiple deadlines over the next year for CRA compliance.

Here are some highlights:

  • By November 1, covered CRAs must have appointed a chief information security officer (CISO) and have implemented a written cybersecurity program, including an incident response plan, that are designed to safeguard the confidentiality, integrity and availability of the organization’s information systems.

  • Each CRA must base its cybersecurity program on a risk assessment it has conducted, and the program must be designed to enable the CRA to identify, detect, respond to and recover from a reportable “cybersecurity event.”

  • CRAs have a maximum of 72 hours to report a “cybersecurity event” to the NYDFS, making the reporting requirements more consistent with Federal guidelines for government agencies.

  • A member of the board of directors, or a senior officer, of each CRA must certify annually to the NYDFS the agency’s compliance with the regulations. The first certification is due on February 15, 2019.

  • Under this regulation, NYDFS has the authority to deny, suspend, or revoke a CRA’s license and ability to conduct business in New York if the agency fails to comply with the NYDFS’s cyber regulations, including a failure to certify annually its compliance.

Zofia Consultants are experts in full-time CISO activities and Enterprise Security Risk Management.

Not every organization has the need or resources for full-time, all the time, cybersecurity support. Having “Virtual CISO” ™ expertise available part-time and virtually on-demand is a service more and more of our clients are asking for, particularly those needing to demonstrate compliance with State and Federal laws.

Zofia Consulting assists our clients through the complex cybersecurity maze and provides the necessary leadership and learning opportunities for ongoing protection, compliance, and mission success.

Learn more here: https://www.zofiaconsulting.com/virtual-ciso

 

Apr
06
WHAT IS A VIRTUAL CISO?

WHAT IS A ZOFIA CONSULTING VIRTUAL CISO?

Dec
12
CYBERSECURITY IS RISK MANAGEMENT


Cybersecurity is NOT just a technology problem. The majority of cyber incidents are caused by human action or inaction with the result becoming a risk to business operations and perhaps a risk to the survival of a business. Affected parties include shareholders, stakeholders, customers, executives, and employees of the business.


Jun
29
TIME TO GIVE YOUR INCIDENT RESPONSE PLAYBOOK A CHECKUP!


As Spring turns to Summer, the cyber threats heat up just like the weather. It’s time to give your Incident Response (IR) playbook a checkup – same as your A/C system.


Here are the areas to check quickly in your IR playbook.