Cyber

Penetration Testing Not Required For Limited Exempt Agencies

​We want to reaffirm to those of you who have limited exemptions under the New York cybersecurity regulation that it does not require you to perform network penetration testing.Some members have reported to us emails sent by  a cybersecurity services vendor. These messages stated that the New York State Department of Financial Services (DFS) is requiring all entities covered under the regulation, Cybersecurity Requirements for Financial Services Companies​, to perform regular penetration testing of their computer networks. The vendor has said that DFS is requiring covered entitites to do this, regardless of their size. The regulation defines "covered entity" as "any individual or any non-governmental entity operating under or required…

Continue ReadingPenetration Testing Not Required For Limited Exempt Agencies

Big I NY Works With DFS To Resolve Cyber Filing Problem

​We are happy to announce that the New York State Department of Financial Services (DFS) has resolved a problem that prevented some New York licensed agents and brokers from submitting the appropriate cybersecurity notice of exemption form. The DFS addressed the issue after Big I New York contacted them about it.New York's Cybersecurity Requirements For Financial Services Companies regulation, 23 NYCRR 500​, makes certain companies partially exempt ​from its requirements and certain individuals completely exempt. Those companies and individuals must submit a Notice of Exemption on the DFS website so that the department's computer system is aware of the exemptions. Failure to do so will…

Continue ReadingBig I NY Works With DFS To Resolve Cyber Filing Problem