.png)
Cyber is the #1 business issue. This course focuses on control requirements for NYS DFS.
Ideal for:
CISOs, Compliance, Security Teams, IT Teams,, Legal team, and DPOs
New York State Department of Financial Services Part 500 - Course/Certification
This module provides a deep dive into the New York State Department of Financial Services Part 500 cybersecurity regulation. The New York State Department of Financial Services has been closely monitoring the ever-growing threat posed to information and financial systems by nation-states, terrorist organizations and independent criminal actors. Recently, cybercriminals have sought to exploit technological vulnerabilities to gain access to sensitive electronic data. Cybercriminals can cause significant financial losses for DFS regulated entities as well as for New York consumers whose private information may be revealed and/or stolen for illicit purposes.
In this module, students will understand who is in scope, exceptions to the regulation and how to comply with each section of the regulation. Students learn the requirements and which control tests are required. Students are required to do a vendor cyber risk assessment lab.
Here are the main objectives covered in the module:
- Section 500.02: Cybersecurity Program
- Section 500.03: Cybersecurity Policy
- Section 500.04: Chief Information Security Officer
- Section 500.05: Penetration Testing and Vulnerability Assessments
- Section 500.06: Audit Trail
- Section 500.07: Access Privileges
- Section 500.08: Application Security
- Section 500.09: Risk Assessment
- Section 500.10: Cybersecurity Personnel and Intelligence
- Section 500.11: Third-Party Service Provider Security Policy
- Section 500.12: Multi-Factor Authentication
- Section 500.13: Limitations on Data Retention
- Section 500.14: Training and Monitoring
- Section 500.15: Encryption of non-public Information
- Section 500.16: Incident Response Plan
- Section 500.17: Notices to Superintendent