Cybersecurity, Exercises, Government and Information Security

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. Some requirements also apply specifically to larger covered entities falling under the “Class A companies” category. f), is sufficient to trigger this new notice requirement.

Financial Services

Financial Services Cybersecurity Compliance Government

New SEC Cybersecurity Rules Could Affect Private Companies Too

eSecurity Planet

SEPTEMBER 23, 2022

Securities and Exchange Commission (SEC) strongly advised public companies to improve their cybersecurity. However, after minimal corporate adoption of stronger cybersecurity, the SEC has drafted rules to require more formal cybersecurity reporting and disclosure. See the top Governance, Risk & Compliance (GRC) tools.

Cybersecurity

Cybersecurity Compliance Risk Communications

Join 55,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

European Commission Publishes Draft Data Governance Act

Hunton Privacy

DECEMBER 2, 2020

On November 25, 2020, the European Commission published its Proposal for a Regulation on European Data Governance (the “Data Governance Act”). The Data Governance Act is part of a set of measures announced in the 2020 European Strategy for Data , which is aimed at putting the EU at the forefront of the data empowered society.

Government

Government Personal data Compliance GDPR

Italian National Cybersecurity Perimeter: With great power comes great responsibility!

Privacy and Cybersecurity Law

JUNE 23, 2021

On June 11, 2021, the Regulation on notifications of incidents affecting networks, information systems and IT services (“ Regulation ”) – adopted by means of the Decree of the President of the Council of Ministers (DPCM) of 14 April 2021, no. National and EU agenda for cybersecurity. 82, providing urgent provisions on cybersecurity.

Cybersecurity

Cybersecurity Communications Data breaches Security

China Issues Draft Guidelines on Certification of Personal Information Cross-Border Transfer Activities

Hunton Privacy

JUNE 14, 2022

On April 29, 2022, the National Information Security Standardization Technical Committee of China issued a draft version of the Cybersecurity Standard Practice Guidelines – Technical Specification on Certification of Personal Information Cross-border Transfer Activities (the “Guidelines”). Rights of Data Subjects.

Cybersecurity

Cybersecurity Information Security Access Government

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

Identify and protect special category data When inventorying data, organizations should make a note of any especially sensitive data that requires extra protection. The GDPR mandates added precautions for three kinds of data in particular: special category data, criminal conviction data, and children’s data.

GDPR

GDPR Compliance Personal data Privacy

When And How Cos. Should Address Cyber Legal Compliance

Data Matters

OCTOBER 30, 2017

They can, however, engage in probing internal due diligence of their companies’ cyber governance and compliance posture before it is too late — that is, before a cyber event occurs. Responsibility for corporate cybersecurity extends from the chief information security officer’s office, to the C-suite, to the corporate boardroom.

Compliance

Compliance Cybersecurity Risk Government

What Should Be The Core Competencies For Cybersecurity For C-Suite

Cyber Info Veritas

JULY 18, 2018

This example, therefore, serves to show you the importance of taking cybersecurity seriously since a cyber attack can terribly damage an organization’s reputation and even lower the quality of the service or product it offers. Now, more and more businesses are elevating their cybersecurity from a mere IT issue to a strategic business risk.

Cybersecurity

Cybersecurity Ransomware Information Security Risk

CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist

KnowBe4

APRIL 4, 2023

link] Artificial Intelligence Makes Phishing Text More Plausible Cybersecurity experts continue to warn that advanced chatbots like ChatGPT are making it easier for cybercriminals to craft phishing emails with pristine spelling and grammar, the Guardian reports. or UK government authority."

Phishing

Phishing Security awareness Cybersecurity Education

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

Third, it creates a new category of businesses: those that voluntarily agree to be subject to the CCPA. Entities must annually buy sell, or share personal information of 100,000 consumers, not 50,000 as under the CCPA, to qualify as a business under the second prong of the test. New Rights for Sensitive Personal Information.

Privacy

Privacy B2B Sales Data breaches

SEC Announces 2022 Examination Priorities: Private Funds, ESG, Retail, Cyber, Digital Assets Top the List

Data Matters

APRIL 6, 2022

Securities and Exchange Commission (SEC) Division of Enforcement (EXAMS or Division) issued its annual examination priorities. Private Fund, ESG Investing, Retail Investors, Cybersecurity, Fintech, and Digital Assets. Both categories will be examined for compliance with the SEC Standards for Covered Clearing Agencies.

Retail

Retail Compliance Sales Risk

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Internet of Things (IoT) security: Encompasses a variety of tools and techniques to secure IoT, operations technology (OT), and other similar categories of endpoints. Network Security Network security tools monitor and secure the connections between assets on the network and protect against specific network attacks.

Security

Security Cloud Cybersecurity Risk

CyberheistNews Vol 13 #27 [Heads Up] Massive Impersonation Phishing Campaign Imitates Over 100 Brands and Thousands of Domains

KnowBe4

JULY 5, 2023

Government. It's not common for any Wells notice to be sent to a company in relation to cybersecurity," a former DoJ prosecutor told me for my story, who said they're typically only sent to CEOs or CFOs over securities or other financial fraud. Date/Time: Wednesday, July 12, @ 2:00 PM (ET) Save My Spot! Thanks for your email.

Phishing

Phishing Security awareness Passwords Computer and Electronics

The Hacker Mind Podcast: Hacking Industrial Control Systems

ForAllSecure

APRIL 26, 2022

So there’s a need, a definite need, for information security professionals to have access to industrial control systems -- not virtual, but actual hands on systems -- so they can learn. In a moment I’ll introduce you to someone who is trying to do that--bring ICS equipment to security conferences. It really has.

Energy and Utilities

Energy and Utilities Manufacturing Risk IT

24 January Weekly podcast: Google GDPR fine, EU-US Privacy Shield and US DNS hijacking attacks

IT Governance

JANUARY 24, 2019

This week, we discuss Google’s €50 million GDPR fine, GDPR complaints against eight streaming services, Facebook’s Supreme Court appeal and its potential effects on the EU-US Privacy Shield, and an Emergency Directive from the US Department of Homeland Security. Here are this week’s stories.

GDPR

GDPR Privacy Personal data Government

Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

New SEC Cybersecurity Rules Could Affect Private Companies Too

Trending Sources

European Commission Publishes Draft Data Governance Act

Italian National Cybersecurity Perimeter: With great power comes great responsibility!

China Issues Draft Guidelines on Certification of Personal Information Cross-Border Transfer Activities

How to implement the General Data Protection Regulation (GDPR)

When And How Cos. Should Address Cyber Legal Compliance

What Should Be The Core Competencies For Cybersecurity For C-Suite

CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist

California Privacy Law Overhaul – Proposition 24 Passes

SEC Announces 2022 Examination Priorities: Private Funds, ESG, Retail, Cyber, Digital Assets Top the List

Network Security Architecture: Best Practices & Tools

CyberheistNews Vol 13 #27 [Heads Up] Massive Impersonation Phishing Campaign Imitates Over 100 Brands and Thousands of Domains

The Hacker Mind Podcast: Hacking Industrial Control Systems

24 January Weekly podcast: Google GDPR fine, EU-US Privacy Shield and US DNS hijacking attacks

Stay Connected