Third Rock, powered by CyberCompass®, now includes the NYDFS security risk assessment required by all New York financial entities. The NYDFS Cybersecurity Regulation (23 NYCRR 500) is “designed to promote the protection of customer information as well as the information technology systems of regulated entities”. This regulation requires each company to conduct a risk assessment and then implement a program with security controls for detecting and responding to cyber events.
The NYDFS has supervisory power over banks, insurance companies, and other financial service companies. More specifically, they supervise the following covered entities:
- Credit Unions
- Health Insurers
- Investment Companies
- Licensed Lenders
- Life Insurance Companies
- Mortgage Brokers
- Savings and Loans Associations
- Private Bankers
- Offices of Foreign Banks
- Commercial Banks
There are some exceptions to entities that have to meet the regulations.
NYDFS requires entities to complete the following:
- Risk Assessments
- Audit Trail including updated policy and procedures
- Incident Response Plan
CyberCompass® automates the numerous steps to completing a risk assessment with its on-demand, cloud-base software so a security risk assessment can be completed in 70% less time. It offers the unique feature to go beyond technology for information security and add the people, process and vendor compliance for information security.
“We expect what is happening in New York to happen across the country,” stated Robert Felps, CEO. “We have engineered CyberCompass to help companies meet regulations faster and require less work hours through built-in expertise and automated workflow.”
With Third Rock expertise and guidance, we work with you to use CyberCompass® to increase your compliance and manage your cyber risk.
| Steps necessary to complete Security Risk Assessments | How CyberCompass® automates workflow to complete a security risk assessment with its built-in expertise. |
| 1. Identify threats and vulnerabilities | By answering our online, on demand risk assessment survey. The questions have been specifically tailored and written in simple language to meet the NYDFS regulations and combined our cyber security risk expertise to assess your employees, processes, technologies and vendors. |
| 2. Qualify the extent of the risk | By answering our online, on demand risk assessment survey. The questions have been specifically tailored and written in simple language to meet the NYDFS regulations and combined our cyber security risk expertise to assess your employees, processes, technologies and vendors. |
| 3. Mitigate the risks to reduce them to an agreed and acceptable level | CyberCompass® automatically provides the corrective actions with a step by step guide that helps you ‘terminate’ the risk by eliminating it entirely, ‘treat’ the risk by applying security controls, ‘transfer’ the risk to a third party, or ‘tolerate’ the risk. |
| 4. Update policies and procedures | CyberCompass® has a built-in template to provide you a complete set of policies and procedures. |
| 5. Create incident response plan | A unique feature, only CyberCompass® can create the required incident response plan |
| 6. Review, monitor and audit. | Utilizing CyberCompass® software subscription and built in notifications, CyberCompass® empowers you to manage cyber risk in one place across the entire organization. |