Information Shield Simplifies NY DFS Cyber Law Compliance

Share Article

New “IT Security Made Easy” platform automates key compliance requirements of new DFS cyber data protection law.

IT Security Made Easy with Information Shield

IT Security Made Easy

The DFS Law creates a new level of management accountability for cyber security

Information Shield - a leading provider of IT security compliance software - announced support for the new NYS Department of Financial Services (DFS) Cyber Law. Information Shield’s compliance software platform dramatically reduces the time and cost for compliance with the new law.

"The DFS Cyber Law places formal requirements on covered entities to build and demonstrate compliance with a robust information security program," said David Lineman, CEO of Information Shield. "This law creates a new level of accountability for senior management, requiring annual attestation of their information security controls. Using ComplianceShield, clients can quickly produce and maintain the compliance evidence they need to support attestation. Using a wizard-driven interface and Information Shield’s leading security policy templates, businesses can be up and running in minutes."

About ComplianceShield™

ComplianceShield enables any business to quickly define, document and demonstrate a robust information security program. The product takes the “policies made easy” concept to a new level, enabling companies to build a complete program around key security best practices. ComplianceShield is ideal for organizations that do not have access to cyber security talent, providing built-in security content and wizard-based automation.

Key Features of ComplianceShield Include:

Compliance Program Wizard - Build a security program in minutes using the Compliance Wizard. ComplianceShield's unique Common Control Library has over 400 controls addressing the latest technologies, threats and regulatory requirements. Easily map controls to comply with ISO 27002, HIPAA, NIST and PCI-DSS.

Security Policy Template Library - The DFS Law (500.03) requires a complete set of written security policies that are approved by management. ComplianceShield provides over 40 sample information security policies that address each of the required areas of the DFS Law. Examples include: data governance and classification; asset management; identity and access controls; business continuity planning (BCP); systems and network security; monitoring; physical and environmental security; third party security; and incident response.

Compliance Tracking and Evidence Management – The DFS law (500.02) requires companies to produce compliance evidence “on demand” and then maintain this for a period of 5 years. ComplianceShield stores all compliance artifacts securely in the cloud for easy sharing. Quickly demonstrate cyber security due-diligence to senior management, auditors, customers and insurers with custom auditor views.

Chief Security Officer Assignment – The NYS DFS law (500.14) requires organizations to appoint a qualified individual to manage the cyber security program. ComplianceShield clients get easy access to our Virtual CSO Service, saving both time and money.

Third Party Information Security Risk Management - The DFS law (500.11 a) requires a robust vendor risk management program. ComplianceShield enables automation of third party risk management through a secure portal with automated distribution. Cyber Risk Scoring allows clients to quickly assess the security and privacy risk of vendors. Security control reporting and secure evidence exchange can eliminate spreadsheets and other manual methods. Third party security policies and controls help define the entire process.

Security Awareness Education – The DFS law (500.14) requires regular security awareness training for employees. ComplianceShield includes a built-in Security Awareness Training library with a custom user portal. Clients can assign security policies, security awareness training and assessments to employees based on their job function. Clients can easily determine which of their employees or contractors have been trained in basic cyber security principles.

A free trial of ComplianceShield is available by registering at the Information Shield web site.

About Information Shield

Since 2004, Information Shield has focused exclusively on helping organizations document their information security and data privacy programs. Their leading policy template library, Information Security Policies Made Easy, is recognized as the “Gold Standard” policy reference by information security professionals. ComplianceShield™ provides companies with an easy, affordable tool to demonstrate compliance and reduce cyber risk. Organizations can learn more and request a free trial at

Share article on social media or email:

View article via:

Pdf Print

Contact Author

David Lineman
Information Shield
+1 888.641.0500 Ext: 500
Email >
since: 03/2009
Follow >
Information Shield - Security Policy
since: 05/2011
Like >
Information Shield

Visit website