From: JD Supra
In our series of posts leading up to the August 28th deadline for the first phase of requirements under New York’s cybersecurity regulation, the Patterson Belknap team looks at issues that institutions face as they implement the new rules.
In complying with the New York State Department of Financial Services (DFS) cybersecurity regulation, financial institutions have a choice. They can either employ “continuous monitoring” or, instead, conduct annual “penetration testing” and bi-annual “vulnerability assessments.”
***
The definition of continuous monitoring, in contrast, did not receive much attention in the regulation. In its “Frequently Asked Questions,” the DFS states only that continuous monitoring can be obtained through a “variety of technical and procedural tools,” and that there is “no specific technology that [is] required to be used.” Monitoring must also have “the ability, on an ongoing basis, to detect changes” that may “create or indicate the existence of cybersecurity vulnerabilities or malicious activities.”