Assured Enterprises Ready to Support New York State’s New Cybersecurity Regulations


An increased sensitivity to the high costs and long-term consequences of data breaches led the state of New York to develop a set of cybersecurity requirements, 23 NYCRR 500, for the financial industry. Now it’s time to devise a strategy to meet these new sweeping regulations with a comprehensive risk assessment system that can meet or exceed the requirements.



On March 1, 2017, new ground-breaking cybersecurity regulations issued by the New York State Department of Financial Services (NYDFS) go into effect. In addition to requiring most financial service organizations operating in the state to install a Chief Information Security Officer (CISO), report breaches within 72 hours, and use multifactor authentication, the regulation further requires a comprehensive organizational cybersecurity risk assessment with regular updates, annual penetration testing and bi-annual software vulnerability scans. Organizations have 180 days to achieve compliance with the new law. The keys to understanding the new law lie in risk assessment and mitigation and in the implied common law requirement to adopt the best available, commercially reasonable, solutions.

The new NYS regulations and Assured Enterprises’ comprehensive cyber risk assessment system, TripleHelix™, map perfectly to one another. TripleHelix™ provides a roadmap of improvements by assessing thousands of data points; it also provides a CyberScore®—the most accurate system of determining cyber health. CyberScore® can be used as a benchmarking tool and as a measurement tool to assess the efficacy of changes in the total environment. Penetration testing, encryption and other requirements are offered as part of the TripleHelix™ annual assessment.

Perhaps the most extraordinary overlap between TripleHelix™ and the NYDFS Regulations is the requirement to scan for software vulnerabilities on a bi-annual basis. Only AssuredScanDKV® is able to Detect the Known Vulnerabilities lurking within the software running on your network. Only AssuredScanDKV®, with its patent pending system, can unpack or unbundle Libraries and DLLs within Executables for a full binary scan. And only AssuredScanDKV® provides detailed remediation information and prioritization of risk to make the system actionable and user friendly. According to a Senior Officer of a client agency, “AssuredScanDKV® was easy to use, operated without defects or bugs and empowered [the Agency] to eliminate known software vulnerabilities within [its] software.” More on this agency case study here:

TripleHelix™ goes further. Assured can deliver virtually any regulatory, compliance, third-party assessment or best practices report (PCI, HIPAA, FFIEC, ISO, NCUA, ISF and many more), including the compliance forms for the NYDFS Regulations, directly into a client’s proprietary Regulatory Compliance Dossier. The report, available from Assured as part of a TripleHelix™ assessment, satisfies the annual statement of compliance which entities must submit by February 15th each year as required by NYDFS regulations. Virtually all cybersecurity regulatory standards can be addressed in an Assured company-specific Regulatory Compliance Dossier.

TripleHelix™ and AssuredScanDKV® are designed for major enterprises, but each is scalable to suit the needs of smaller operations—including all “covered entities” under the regulation—firms with 10+ employees.

“Some 80% of the successful attacks against corporate America, and the Russian hack of the Democratic National Committee, according to the FBI and DHS, exploited known vulnerabilities in the software to launch its malware attack,” explained Stephen M. Soble, CEO of Assured. “AssuredScanDKV® is the only tool which can detect and show you how to shut down the vulnerabilities in a client’s software in real world time,” he added.

“Assured’s TripleHelix™ comprehensive cybersecurity assessment system revolutionizes the requirement of annual or more frequent cybersecurity assessments. We have shunned the tick-the-box mentality and devised a granular, data-driven approach, which offers certifications and reports, a roadmap of improvements and a CyberScore®--a process which is more powerful and useful than any other assessment system on the market, including those offered by the Big Four accounting and audit firms,” Soble detailed.

Assured Enterprises clients include agencies in the most sensitive levels of the U.S. Government, companies among the Global Fortune 200, small and medium sized software developers, professional services providers and others. A soon to be released new product provides for the most comprehensive encryption key management on the market.

About Assured Enterprises:
Assured Enterprises offers a holistic approach to cybersecurity which includes: comprehensive assessments, testing, world class services and a proprietary product line designed to offer proactive cybersecurity.


Contact Author

Michael Albrecht
Assured Enterprises, Inc.
