Ask Tim; Cyber

​With the New York State Department of Financial Services' (DFS) recent adoption of the second amendment to the Cybersecurity Requirements For Financial Services Companies regulation​, members have naturally been contacting us to ask what they're required to do. The overwhelming majority of Big I NY members qualify for the limited exemption. If you're agency is one of them, here are the sections of the regulation you must comply with regardless of your agency's size:Section 500.2, Cybersecurity Program - you must have a program in place to protect your computer network and any nonpublic information (NPI) stored on it. The program is made up of the devices…

​As we reported yesterday​, the New York State Department of Financial Services has adopted its long-planned amendments to its Cybersecurity Requirements for Financial Services Companies regulation. We have prepared a summary of the changes in order of the dates when compliance is required. We plan to provide videos and other media to further explain the changes. Also, watch for your cha​nce to register for a special Gear Up presentation on the amendments later this month. Download the Summary Read the Text of the Amendments​Source

​The NYS Department of Financial Services this morning formally adopted changes to the cybersecurity regulation. This is something we have been anticipating for nearly 18 months. At the same time, it appears they may have emailed every licensed person for whom they have an email address to announce the adoption. You may have received this email. Here is what you need to know today: We are in the process of reviewing the final version of the amendments. This is the third version of the amendments DFS has published, and it is not identical to what they proposed earlier. ​Both previous versions stated that the earliest date compliance…