SlideShare a Scribd company logo

What Financial Institution Cyber Regs Tell the Infrastructure Sector

CBIZ, Inc.
CBIZ, Inc.

Information security is a threat for every business, but it’s particularly disruptive to the nation’s infrastructure systems. Infrastructure companies should monitor how mandatory rules play out for financial institutions. If the regulatory efforts are successful in reducing the number of financial institution cyber incidents, state and federal regulators may turn their attention to other industries.

Economy & Finance
1 of 2
Download to read offline
Banking & Financial Services BY KRIS ST. MARTIN  I nformation security is a threat for every business, but it’s particularly disruptive to the nation’s infrastructure systems. Transportation, communications, financial institutions—if unauthorized users access information related to the core industries needed for everyday activities, it could be catastrophic. Protecting infrastructure systems is a top priority for regulators. In 2013, an executive order was passed to increase cybersecurity awareness among the infrastructure sector. Among other provisions, the executive order led to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which today is one of the gold standards for information security protection. It also created the Critical Infrastructure Cyber Community Voluntary Program to help infrastructure industries adopt the recommendations in the NIST framework. The frameworks established, however, only provide recommendations for improvements. Regulators are weighing whether to make the best practices identified in cybersecurity protection mandatory. Financial institutions in particular may soon find that robust cybersecurity programs are not optional. A closer look at the developments in information security requirements for financial institutions may give us a glimpse of what’s ahead for cybersecurity regulation of other infrastructure industries—and other companies at high risk for data breach. Proposed Regulations in the Works The Federal Financial Institutions Examination Council (FFIEC) has cybersecurity recommendations for all financial institutions. These regulations include ongoing risk assessments and risk mitigation practices. It suggests following software assurance industry practices for applications and regularly evaluating third-party software and services for unusual activity or behavior. It also has recommendations for protecting user permissions and cybersecurity awareness training. In 2016, financial regulators proposed taking things a step further. The Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Company announced proposed cybersecurity rules for large financial institutions. Rules would apply to any bank or financial institution with total consolidated assets of $50 billion or more, or any bank or financial institution that is a subsidiary of a financial institution with $50 billion or more in total consolidated assets. Third party service providers that serve these financial institutions would need to implement the rules as well. Rules, which draw heavily from the NIST Cybersecurity framework and other cybersecurity publications, fall into five general categories: cyber risk governance, cyber risk management, internal dependency management, external dependency management and incidence response, cyber resilience and situational awareness. Comments on the proposed rules were due by Jan. 17, 2017, but later were extended to Feb. 17, 2017. It remains to be seen how the proposed rules would change in a final version. Local Cybersecurity Efforts Another trend that may be worth monitoring is state- mandated cybersecurity requirements. In the wake of cybersecurity incidents that affected the New York Stock Exchange and other New York-based financial institutions, the state passed its own cybersecurity requirements for (Continued on page 2) What Financial Institution Cybersecurity Regulations Tell Us About Cybersecurity for the Infrastructure Sector 1-800-ASK-CBIZ • cbiz.com/banking @CBZCBIZ BizTipsVideos DECEMBER 2017
financial institutions. Rules in 23 NYCRR 500 became effective on March 1, 2017 for qualifying financial institutions. It requires financial institutions to implement a comprehensive cybersecurity program that covers 17 key components, including: ■ A formal cybersecurity program and policy ■ A chief information security officer ■ Regular penetration testing and vulnerability assessments ■ A cybersecurity audit trail ■ Access privileges requirements ■ Application security measures ■ Cybersecurity personnel and intelligence ■ A formal third party service provider security policy ■ Multifactor authentication for network access ■ Limitations on data retention ■ Ongoing training and monitoring ■ Encryption of nonpublic information ■ An incident response plan ■ Notices to superintendent ■ Confidentiality measures Lessons from Financial Institution Regulation Infrastructure companies should monitor how mandatory rules play out for financial institutions. If the regulatory (Continued from page 1) efforts are successful in reducing the number of financial institution cybersecurity incidents, state and federal regulators may turn their attention to other industries. Organizations that have had a history of information security threats and disruptions may also want to consider undergoing a cybersecurity risk assessment and penetration testing exercises to pinpoint where their current practices are falling short. All sectors should also consider the benefits of cyber liability insurance. Insurance policies frequently require a minimum set of standards to be in place to protect information security and may help keep your organization up-to-date on cybersecurity best practices. Related Reading ■ A Good Cybersecurity Defense Starts with People ■ The Internet of Things Makes the Future of Cybersecurity Much More Complicated ■ Cybersecurity Check-In: 6 Questions Boards of Directors Should Ask About Cybersecurity If you have specific comments, questions or concerns about cybersecurity, you can reach Kris St. Martin at 763-549-2267 or kstmartin@cbiz.com, or contact your local CBIZ advisor. KRIS ST. MARTIN Minneapolis, MN 1-800-ASK-CBIZ • cbiz.com/banking @CBZCBIZ BizTipsVideos DECEMBER 2017

Recommended

GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...
GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...
GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...Government Technology and Services Coalition
 
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...ARMA International
 
Data breach-response-planning-laying-the-right-foundation
Data breach-response-planning-laying-the-right-foundationData breach-response-planning-laying-the-right-foundation
Data breach-response-planning-laying-the-right-foundationBradley Arant Boult Cummings LLP
 
Cyber ANPR Regulatory Alert - October 2016
Cyber ANPR Regulatory Alert - October 2016Cyber ANPR Regulatory Alert - October 2016
Cyber ANPR Regulatory Alert - October 2016Ben-Ari Boukai
 
How to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity RequirementsHow to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity RequirementsKyle Brown
 
Business Security Check Reducing Risks Your Computer Systems
Business Security Check Reducing Risks Your Computer SystemsBusiness Security Check Reducing Risks Your Computer Systems
Business Security Check Reducing Risks Your Computer Systems- Mark - Fullbright
 
New York DFS proposed cybersecurity regulations
New York DFS proposed cybersecurity regulationsNew York DFS proposed cybersecurity regulations
New York DFS proposed cybersecurity regulationsBrunswick Group
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 

Recommended

GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...
GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...
GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...Government Technology and Services Coalition
 
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...ARMA International
 
Data breach-response-planning-laying-the-right-foundation
Data breach-response-planning-laying-the-right-foundationData breach-response-planning-laying-the-right-foundation
Data breach-response-planning-laying-the-right-foundationBradley Arant Boult Cummings LLP
 
Cyber ANPR Regulatory Alert - October 2016
Cyber ANPR Regulatory Alert - October 2016Cyber ANPR Regulatory Alert - October 2016
Cyber ANPR Regulatory Alert - October 2016Ben-Ari Boukai
 
How to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity RequirementsHow to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity RequirementsKyle Brown
 
Business Security Check Reducing Risks Your Computer Systems
Business Security Check Reducing Risks Your Computer SystemsBusiness Security Check Reducing Risks Your Computer Systems
Business Security Check Reducing Risks Your Computer Systems- Mark - Fullbright
 
New York DFS proposed cybersecurity regulations
New York DFS proposed cybersecurity regulationsNew York DFS proposed cybersecurity regulations
New York DFS proposed cybersecurity regulationsBrunswick Group
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Cybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower ProtectionsCybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower ProtectionsZuckerman Law Whistleblower Protection Law Firm
 
Compliance in Unified Communications & Collaboration- The Financial Sector (1)
Compliance in Unified Communications & Collaboration- The Financial Sector (1)Compliance in Unified Communications & Collaboration- The Financial Sector (1)
Compliance in Unified Communications & Collaboration- The Financial Sector (1)Steve Hood
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500Shawn Tuma
 
Implications of acts in organizations
Implications of acts in organizations Implications of acts in organizations
Implications of acts in organizations Swarupa Rani Sahu
 
Mbs r35 b
Mbs r35 bMbs r35 b
Mbs r35 bSelectedPresentations
 
Securing the Information Society
Securing the Information SocietySecuring the Information Society
Securing the Information Societyblogzilla
 
Ruben Muradyan - Cybersecurity - ArmIGF 2015
Ruben Muradyan - Cybersecurity - ArmIGF 2015Ruben Muradyan - Cybersecurity - ArmIGF 2015
Ruben Muradyan - Cybersecurity - ArmIGF 2015Arm Igf
 
Building a cybercrime case
Building a cybercrime caseBuilding a cybercrime case
Building a cybercrime caseOnline
 
New York Department of Financial Services Cybersecurity Regulations
New York Department of Financial Services Cybersecurity RegulationsNew York Department of Financial Services Cybersecurity Regulations
New York Department of Financial Services Cybersecurity RegulationsShawn Tuma
 
Capstone Final Presentation
Capstone Final PresentationCapstone Final Presentation
Capstone Final PresentationKartik Uppal
 
Cyber Insurance - The Basics
Cyber Insurance - The Basics Cyber Insurance - The Basics
Cyber Insurance - The Basics Chris Stallard
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatuChinatu Uzuegbu
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 
IASA ey deck presentation
IASA ey deck presentationIASA ey deck presentation
IASA ey deck presentationKenneth Dorado, CISA, HCISPP
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructureNeha Agarwal
 
Infocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationInfocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationEthos Media S.A.
 
Assessing Risk: How Organizations Can Proactively Manage Privacy Risk
Assessing Risk: How Organizations Can Proactively Manage Privacy RiskAssessing Risk: How Organizations Can Proactively Manage Privacy Risk
Assessing Risk: How Organizations Can Proactively Manage Privacy RiskTrustArc
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianPECB
 
CBIZ Banking & Financial Services Hot Topics - January 2018
CBIZ Banking & Financial Services Hot Topics - January 2018CBIZ Banking & Financial Services Hot Topics - January 2018
CBIZ Banking & Financial Services Hot Topics - January 2018CBIZ, Inc.
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guideAdilsonSuende
 
Cyber security reguations: The shape of things to come for captives?
Cyber security reguations: The shape of things to come for captives?Cyber security reguations: The shape of things to come for captives?
Cyber security reguations: The shape of things to come for captives?Daniel Message
 
Forecast cybersecurity regulation v3
Forecast cybersecurity regulation v3Forecast cybersecurity regulation v3
Forecast cybersecurity regulation v3Joe Orlando
 

More Related Content

What's hot

Compliance in Unified Communications & Collaboration- The Financial Sector (1)
Compliance in Unified Communications & Collaboration- The Financial Sector (1)Compliance in Unified Communications & Collaboration- The Financial Sector (1)
Compliance in Unified Communications & Collaboration- The Financial Sector (1)Steve Hood
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500Shawn Tuma
 
Implications of acts in organizations
Implications of acts in organizations Implications of acts in organizations
Implications of acts in organizations Swarupa Rani Sahu
 
Securing the Information Society
Securing the Information SocietySecuring the Information Society
Securing the Information Societyblogzilla
 
Ruben Muradyan - Cybersecurity - ArmIGF 2015
Ruben Muradyan - Cybersecurity - ArmIGF 2015Ruben Muradyan - Cybersecurity - ArmIGF 2015
Ruben Muradyan - Cybersecurity - ArmIGF 2015Arm Igf
 
Building a cybercrime case
Building a cybercrime caseBuilding a cybercrime case
Building a cybercrime caseOnline
 
New York Department of Financial Services Cybersecurity Regulations
New York Department of Financial Services Cybersecurity RegulationsNew York Department of Financial Services Cybersecurity Regulations
New York Department of Financial Services Cybersecurity RegulationsShawn Tuma
 
Capstone Final Presentation
Capstone Final PresentationCapstone Final Presentation
Capstone Final PresentationKartik Uppal
 
Cyber Insurance - The Basics
Cyber Insurance - The Basics Cyber Insurance - The Basics
Cyber Insurance - The Basics Chris Stallard
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatuChinatu Uzuegbu
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructureNeha Agarwal
 
Infocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationInfocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationEthos Media S.A.
 
Assessing Risk: How Organizations Can Proactively Manage Privacy Risk
Assessing Risk: How Organizations Can Proactively Manage Privacy RiskAssessing Risk: How Organizations Can Proactively Manage Privacy Risk
Assessing Risk: How Organizations Can Proactively Manage Privacy RiskTrustArc
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianPECB
 

What's hot (18)

Cybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower ProtectionsCybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower Protections
 
Compliance in Unified Communications & Collaboration- The Financial Sector (1)
Compliance in Unified Communications & Collaboration- The Financial Sector (1)Compliance in Unified Communications & Collaboration- The Financial Sector (1)
Compliance in Unified Communications & Collaboration- The Financial Sector (1)
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
 
Implications of acts in organizations
Implications of acts in organizations Implications of acts in organizations
Implications of acts in organizations
 
Mbs r35 b
Mbs r35 bMbs r35 b
Mbs r35 b
 
Securing the Information Society
Securing the Information SocietySecuring the Information Society
Securing the Information Society
 
Ruben Muradyan - Cybersecurity - ArmIGF 2015
Ruben Muradyan - Cybersecurity - ArmIGF 2015Ruben Muradyan - Cybersecurity - ArmIGF 2015
Ruben Muradyan - Cybersecurity - ArmIGF 2015
 
Building a cybercrime case
Building a cybercrime caseBuilding a cybercrime case
Building a cybercrime case
 
New York Department of Financial Services Cybersecurity Regulations
New York Department of Financial Services Cybersecurity RegulationsNew York Department of Financial Services Cybersecurity Regulations
New York Department of Financial Services Cybersecurity Regulations
 
Capstone Final Presentation
Capstone Final PresentationCapstone Final Presentation
Capstone Final Presentation
 
Cyber Insurance - The Basics
Cyber Insurance - The Basics Cyber Insurance - The Basics
Cyber Insurance - The Basics
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatu
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical Infrastructure
 
IASA ey deck presentation
IASA ey deck presentationIASA ey deck presentation
IASA ey deck presentation
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructure
 
Infocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationInfocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar Presentation
 
Assessing Risk: How Organizations Can Proactively Manage Privacy Risk
Assessing Risk: How Organizations Can Proactively Manage Privacy RiskAssessing Risk: How Organizations Can Proactively Manage Privacy Risk
Assessing Risk: How Organizations Can Proactively Manage Privacy Risk
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
 

Similar to What Financial Institution Cyber Regs Tell the Infrastructure Sector

CBIZ Banking & Financial Services Hot Topics - January 2018
CBIZ Banking & Financial Services Hot Topics - January 2018CBIZ Banking & Financial Services Hot Topics - January 2018
CBIZ Banking & Financial Services Hot Topics - January 2018CBIZ, Inc.
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guideAdilsonSuende
 
Cyber security reguations: The shape of things to come for captives?
Cyber security reguations: The shape of things to come for captives?Cyber security reguations: The shape of things to come for captives?
Cyber security reguations: The shape of things to come for captives?Daniel Message
 
Forecast cybersecurity regulation v3
Forecast cybersecurity regulation v3Forecast cybersecurity regulation v3
Forecast cybersecurity regulation v3Joe Orlando
 
Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...padler01
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxbagotjesusa
 
CHAPTER 3 Security Policies and Regulations In this chap
CHAPTER 3 Security Policies and Regulations In this chapCHAPTER 3 Security Policies and Regulations In this chap
CHAPTER 3 Security Policies and Regulations In this chapEstelaJeffery653
 
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...TraintechTde
 
Complying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataComplying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataPrecisely
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software developmentMuhammadArif823
 
A Look At Evolving Cybersecurity Policy for Financial Institutions 2021
A Look At Evolving Cybersecurity Policy for Financial Institutions 2021A Look At Evolving Cybersecurity Policy for Financial Institutions 2021
A Look At Evolving Cybersecurity Policy for Financial Institutions 2021Dawn Yankeelov
 
Sms compliance white paper for mobile communications
Sms compliance white paper for mobile communicationsSms compliance white paper for mobile communications
Sms compliance white paper for mobile communicationsTextGuard
 
An Overview of the Major Compliance Requirements
An Overview of the Major Compliance RequirementsAn Overview of the Major Compliance Requirements
An Overview of the Major Compliance RequirementsDoubleHorn
 
AI applications in financial compliance An overview.pdf
AI applications in financial compliance An overview.pdfAI applications in financial compliance An overview.pdf
AI applications in financial compliance An overview.pdfChristopherTHyatt
 

Similar to What Financial Institution Cyber Regs Tell the Infrastructure Sector (20)

CBIZ Banking & Financial Services Hot Topics - January 2018
CBIZ Banking & Financial Services Hot Topics - January 2018CBIZ Banking & Financial Services Hot Topics - January 2018
CBIZ Banking & Financial Services Hot Topics - January 2018
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
 
Cyber security reguations: The shape of things to come for captives?
Cyber security reguations: The shape of things to come for captives?Cyber security reguations: The shape of things to come for captives?
Cyber security reguations: The shape of things to come for captives?
 
Forecast cybersecurity regulation v3
Forecast cybersecurity regulation v3Forecast cybersecurity regulation v3
Forecast cybersecurity regulation v3
 
Module 7.pdf
Module 7.pdfModule 7.pdf
Module 7.pdf
 
Module 7 Cyber Laws and Forensic
Module 7 Cyber Laws and ForensicModule 7 Cyber Laws and Forensic
Module 7 Cyber Laws and Forensic
 
crucet1crucet2crucet
crucet1crucet2crucetcrucet1crucet2crucet
crucet1crucet2crucet
 
Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...
 
FFIEC overview
FFIEC overviewFFIEC overview
FFIEC overview
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
 
CHAPTER 3 Security Policies and Regulations In this chap
CHAPTER 3 Security Policies and Regulations In this chapCHAPTER 3 Security Policies and Regulations In this chap
CHAPTER 3 Security Policies and Regulations In this chap
 
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
 
Complying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataComplying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and Data
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software development
 
Data breaches at home and abroad
Data breaches at home and abroad Data breaches at home and abroad
Data breaches at home and abroad
 
A Look At Evolving Cybersecurity Policy for Financial Institutions 2021
A Look At Evolving Cybersecurity Policy for Financial Institutions 2021A Look At Evolving Cybersecurity Policy for Financial Institutions 2021
A Look At Evolving Cybersecurity Policy for Financial Institutions 2021
 
Sms compliance white paper for mobile communications
Sms compliance white paper for mobile communicationsSms compliance white paper for mobile communications
Sms compliance white paper for mobile communications
 
An Overview of the Major Compliance Requirements
An Overview of the Major Compliance RequirementsAn Overview of the Major Compliance Requirements
An Overview of the Major Compliance Requirements
 
AI applications in financial compliance An overview.pdf
AI applications in financial compliance An overview.pdfAI applications in financial compliance An overview.pdf
AI applications in financial compliance An overview.pdf
 
Cyber Risk in the Energy Industry
Cyber Risk in the Energy IndustryCyber Risk in the Energy Industry
Cyber Risk in the Energy Industry
 

More from CBIZ, Inc.

BIZGrowth Strategies — Cybersecurity Special Edition 2023
BIZGrowth Strategies — Cybersecurity Special Edition 2023BIZGrowth Strategies — Cybersecurity Special Edition 2023
BIZGrowth Strategies — Cybersecurity Special Edition 2023CBIZ, Inc.
 
BIZGrowth Strategies - Back to Basics Special Edition
BIZGrowth Strategies - Back to Basics Special EditionBIZGrowth Strategies - Back to Basics Special Edition
BIZGrowth Strategies - Back to Basics Special EditionCBIZ, Inc.
 
The Advantage — Summer 2023
The Advantage — Summer 2023The Advantage — Summer 2023
The Advantage — Summer 2023CBIZ, Inc.
 
BIZGrowth Strategies - Workforce & Talent Optimization Special Edition
BIZGrowth Strategies - Workforce & Talent Optimization Special EditionBIZGrowth Strategies - Workforce & Talent Optimization Special Edition
BIZGrowth Strategies - Workforce & Talent Optimization Special EditionCBIZ, Inc.
 
BIZGrowth Newsletter - Economic Slowdown Solutions Special Edition
BIZGrowth Newsletter - Economic Slowdown Solutions Special EditionBIZGrowth Newsletter - Economic Slowdown Solutions Special Edition
BIZGrowth Newsletter - Economic Slowdown Solutions Special EditionCBIZ, Inc.
 
BIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionBIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionCBIZ, Inc.
 
Connections Help Law Practice Efficiently Obtain $5 Million Line of Credit
Connections Help Law Practice Efficiently Obtain $5 Million Line of CreditConnections Help Law Practice Efficiently Obtain $5 Million Line of Credit
Connections Help Law Practice Efficiently Obtain $5 Million Line of CreditCBIZ, Inc.
 
Custom Communication Plan & Active Enrollment Result in Increased Consumerism
Custom Communication Plan & Active Enrollment Result in Increased ConsumerismCustom Communication Plan & Active Enrollment Result in Increased Consumerism
Custom Communication Plan & Active Enrollment Result in Increased ConsumerismCBIZ, Inc.
 
Experienced Consulting Approach Leads Engineering Firm to the Right CFO
Experienced Consulting Approach Leads Engineering Firm to the Right CFOExperienced Consulting Approach Leads Engineering Firm to the Right CFO
Experienced Consulting Approach Leads Engineering Firm to the Right CFOCBIZ, Inc.
 
BIZGrowth Strategies - Summer 2022
BIZGrowth Strategies - Summer 2022BIZGrowth Strategies - Summer 2022
BIZGrowth Strategies - Summer 2022CBIZ, Inc.
 
Inflation, Interest Rates & the Disruption to CRE
Inflation, Interest Rates & the Disruption to CREInflation, Interest Rates & the Disruption to CRE
Inflation, Interest Rates & the Disruption to CRECBIZ, Inc.
 
CBIZ Quarterly Manufacturing and Distribution "Hot Topics" Newsletter (May-Ju...
CBIZ Quarterly Manufacturing and Distribution "Hot Topics" Newsletter (May-Ju...CBIZ Quarterly Manufacturing and Distribution "Hot Topics" Newsletter (May-Ju...
CBIZ Quarterly Manufacturing and Distribution "Hot Topics" Newsletter (May-Ju...CBIZ, Inc.
 
Rethinking Total Compensation to Retain Top Talent
Rethinking Total Compensation to Retain Top TalentRethinking Total Compensation to Retain Top Talent
Rethinking Total Compensation to Retain Top TalentCBIZ, Inc.
 
Common Labor Shortage Risks & Tips to Mitigate Your Exposures
Common Labor Shortage Risks & Tips to Mitigate Your ExposuresCommon Labor Shortage Risks & Tips to Mitigate Your Exposures
Common Labor Shortage Risks & Tips to Mitigate Your ExposuresCBIZ, Inc.
 
How the Great Resignation Affects the Tax Function
How the Great Resignation Affects the Tax FunctionHow the Great Resignation Affects the Tax Function
How the Great Resignation Affects the Tax FunctionCBIZ, Inc.
 
Using Technology to Secure Talent
Using Technology to Secure TalentUsing Technology to Secure Talent
Using Technology to Secure TalentCBIZ, Inc.
 
Experienced Consulting Approach Leads Engineering Firm to the Right CFO
Experienced Consulting Approach Leads Engineering Firm to the Right CFOExperienced Consulting Approach Leads Engineering Firm to the Right CFO
Experienced Consulting Approach Leads Engineering Firm to the Right CFOCBIZ, Inc.
 
BIZGrowth Strategies - The Great Resignation Special Edition
BIZGrowth Strategies - The Great Resignation Special EditionBIZGrowth Strategies - The Great Resignation Special Edition
BIZGrowth Strategies - The Great Resignation Special EditionCBIZ, Inc.
 
Tax incentive alert KS
Tax incentive alert KSTax incentive alert KS
Tax incentive alert KSCBIZ, Inc.
 
CBIZ Quarterly Commercial Real Estate "Hot Topics" Newsletter (Jan-Feb 2022)
CBIZ Quarterly Commercial Real Estate "Hot Topics" Newsletter (Jan-Feb 2022)CBIZ Quarterly Commercial Real Estate "Hot Topics" Newsletter (Jan-Feb 2022)
CBIZ Quarterly Commercial Real Estate "Hot Topics" Newsletter (Jan-Feb 2022)CBIZ, Inc.
 

More from CBIZ, Inc. (20)

BIZGrowth Strategies — Cybersecurity Special Edition 2023
BIZGrowth Strategies — Cybersecurity Special Edition 2023BIZGrowth Strategies — Cybersecurity Special Edition 2023
BIZGrowth Strategies — Cybersecurity Special Edition 2023
 
BIZGrowth Strategies - Back to Basics Special Edition
BIZGrowth Strategies - Back to Basics Special EditionBIZGrowth Strategies - Back to Basics Special Edition
BIZGrowth Strategies - Back to Basics Special Edition
 
The Advantage — Summer 2023
The Advantage — Summer 2023The Advantage — Summer 2023
The Advantage — Summer 2023
 
BIZGrowth Strategies - Workforce & Talent Optimization Special Edition
BIZGrowth Strategies - Workforce & Talent Optimization Special EditionBIZGrowth Strategies - Workforce & Talent Optimization Special Edition
BIZGrowth Strategies - Workforce & Talent Optimization Special Edition
 
BIZGrowth Newsletter - Economic Slowdown Solutions Special Edition
BIZGrowth Newsletter - Economic Slowdown Solutions Special EditionBIZGrowth Newsletter - Economic Slowdown Solutions Special Edition
BIZGrowth Newsletter - Economic Slowdown Solutions Special Edition
 
BIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionBIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special Edition
 
Connections Help Law Practice Efficiently Obtain $5 Million Line of Credit
Connections Help Law Practice Efficiently Obtain $5 Million Line of CreditConnections Help Law Practice Efficiently Obtain $5 Million Line of Credit
Connections Help Law Practice Efficiently Obtain $5 Million Line of Credit
 
Custom Communication Plan & Active Enrollment Result in Increased Consumerism
Custom Communication Plan & Active Enrollment Result in Increased ConsumerismCustom Communication Plan & Active Enrollment Result in Increased Consumerism
Custom Communication Plan & Active Enrollment Result in Increased Consumerism
 
Experienced Consulting Approach Leads Engineering Firm to the Right CFO
Experienced Consulting Approach Leads Engineering Firm to the Right CFOExperienced Consulting Approach Leads Engineering Firm to the Right CFO
Experienced Consulting Approach Leads Engineering Firm to the Right CFO
 
BIZGrowth Strategies - Summer 2022
BIZGrowth Strategies - Summer 2022BIZGrowth Strategies - Summer 2022
BIZGrowth Strategies - Summer 2022
 
Inflation, Interest Rates & the Disruption to CRE
Inflation, Interest Rates & the Disruption to CREInflation, Interest Rates & the Disruption to CRE
Inflation, Interest Rates & the Disruption to CRE
 
CBIZ Quarterly Manufacturing and Distribution "Hot Topics" Newsletter (May-Ju...
CBIZ Quarterly Manufacturing and Distribution "Hot Topics" Newsletter (May-Ju...CBIZ Quarterly Manufacturing and Distribution "Hot Topics" Newsletter (May-Ju...
CBIZ Quarterly Manufacturing and Distribution "Hot Topics" Newsletter (May-Ju...
 
Rethinking Total Compensation to Retain Top Talent
Rethinking Total Compensation to Retain Top TalentRethinking Total Compensation to Retain Top Talent
Rethinking Total Compensation to Retain Top Talent
 
Common Labor Shortage Risks & Tips to Mitigate Your Exposures
Common Labor Shortage Risks & Tips to Mitigate Your ExposuresCommon Labor Shortage Risks & Tips to Mitigate Your Exposures
Common Labor Shortage Risks & Tips to Mitigate Your Exposures
 
How the Great Resignation Affects the Tax Function
How the Great Resignation Affects the Tax FunctionHow the Great Resignation Affects the Tax Function
How the Great Resignation Affects the Tax Function
 
Using Technology to Secure Talent
Using Technology to Secure TalentUsing Technology to Secure Talent
Using Technology to Secure Talent
 
Experienced Consulting Approach Leads Engineering Firm to the Right CFO
Experienced Consulting Approach Leads Engineering Firm to the Right CFOExperienced Consulting Approach Leads Engineering Firm to the Right CFO
Experienced Consulting Approach Leads Engineering Firm to the Right CFO
 
BIZGrowth Strategies - The Great Resignation Special Edition
BIZGrowth Strategies - The Great Resignation Special EditionBIZGrowth Strategies - The Great Resignation Special Edition
BIZGrowth Strategies - The Great Resignation Special Edition
 
Tax incentive alert KS
Tax incentive alert KSTax incentive alert KS
Tax incentive alert KS
 
CBIZ Quarterly Commercial Real Estate "Hot Topics" Newsletter (Jan-Feb 2022)
CBIZ Quarterly Commercial Real Estate "Hot Topics" Newsletter (Jan-Feb 2022)CBIZ Quarterly Commercial Real Estate "Hot Topics" Newsletter (Jan-Feb 2022)
CBIZ Quarterly Commercial Real Estate "Hot Topics" Newsletter (Jan-Feb 2022)
 

Recently uploaded

High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikHigh Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...makika9823
 
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdfFinTech Belgium
 
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...Henry Tapper
 
Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free Delivery
Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free DeliveryMalad Call Girl in Services 9892124323 | ₹,4500 With Room Free Delivery
Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free DeliveryPooja Nehwal
 
Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111Sapana Sha
 
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...Pooja Nehwal
 
Andheri Call Girls In 9825968104 Mumbai Hot Models
Andheri Call Girls In 9825968104 Mumbai Hot ModelsAndheri Call Girls In 9825968104 Mumbai Hot Models
Andheri Call Girls In 9825968104 Mumbai Hot Modelshematsharma006
 
Stock Market Brief Deck for 4/24/24 .pdf
Stock Market Brief Deck for 4/24/24 .pdfStock Market Brief Deck for 4/24/24 .pdf
Stock Market Brief Deck for 4/24/24 .pdfMichael Silva
 
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130Suhani Kapoor
 
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptxFinTech Belgium
 
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptxFinTech Belgium
 
Lundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdfLundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdfAdnet Communications
 
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptxOAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptxhiddenlevers
 
Monthly Market Risk Update: April 2024 [SlideShare]
Monthly Market Risk Update: April 2024 [SlideShare]Monthly Market Risk Update: April 2024 [SlideShare]
Monthly Market Risk Update: April 2024 [SlideShare]Commonwealth
 
Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex
 
fca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdffca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdfHenry Tapper
 
Log your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignLog your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignHenry Tapper
 
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptxFinTech Belgium
 

Recently uploaded (20)

High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikHigh Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
 
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
 
Commercial Bank Economic Capsule - April 2024
Commercial Bank Economic Capsule - April 2024Commercial Bank Economic Capsule - April 2024
Commercial Bank Economic Capsule - April 2024
 
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
 
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
 
Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free Delivery
Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free DeliveryMalad Call Girl in Services 9892124323 | ₹,4500 With Room Free Delivery
Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free Delivery
 
Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111
 
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
 
Andheri Call Girls In 9825968104 Mumbai Hot Models
Andheri Call Girls In 9825968104 Mumbai Hot ModelsAndheri Call Girls In 9825968104 Mumbai Hot Models
Andheri Call Girls In 9825968104 Mumbai Hot Models
 
Stock Market Brief Deck for 4/24/24 .pdf
Stock Market Brief Deck for 4/24/24 .pdfStock Market Brief Deck for 4/24/24 .pdf
Stock Market Brief Deck for 4/24/24 .pdf
 
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
 
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
 
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx
 
Lundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdfLundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdf
 
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptxOAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
 
Monthly Market Risk Update: April 2024 [SlideShare]
Monthly Market Risk Update: April 2024 [SlideShare]Monthly Market Risk Update: April 2024 [SlideShare]
Monthly Market Risk Update: April 2024 [SlideShare]
 
Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024
 
fca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdffca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdf
 
Log your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignLog your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaign
 
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
 

What Financial Institution Cyber Regs Tell the Infrastructure Sector

  • 1. Banking & Financial Services BY KRIS ST. MARTIN  I nformation security is a threat for every business, but it’s particularly disruptive to the nation’s infrastructure systems. Transportation, communications, financial institutions—if unauthorized users access information related to the core industries needed for everyday activities, it could be catastrophic. Protecting infrastructure systems is a top priority for regulators. In 2013, an executive order was passed to increase cybersecurity awareness among the infrastructure sector. Among other provisions, the executive order led to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which today is one of the gold standards for information security protection. It also created the Critical Infrastructure Cyber Community Voluntary Program to help infrastructure industries adopt the recommendations in the NIST framework. The frameworks established, however, only provide recommendations for improvements. Regulators are weighing whether to make the best practices identified in cybersecurity protection mandatory. Financial institutions in particular may soon find that robust cybersecurity programs are not optional. A closer look at the developments in information security requirements for financial institutions may give us a glimpse of what’s ahead for cybersecurity regulation of other infrastructure industries—and other companies at high risk for data breach. Proposed Regulations in the Works The Federal Financial Institutions Examination Council (FFIEC) has cybersecurity recommendations for all financial institutions. These regulations include ongoing risk assessments and risk mitigation practices. It suggests following software assurance industry practices for applications and regularly evaluating third-party software and services for unusual activity or behavior. It also has recommendations for protecting user permissions and cybersecurity awareness training. In 2016, financial regulators proposed taking things a step further. The Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Company announced proposed cybersecurity rules for large financial institutions. Rules would apply to any bank or financial institution with total consolidated assets of $50 billion or more, or any bank or financial institution that is a subsidiary of a financial institution with $50 billion or more in total consolidated assets. Third party service providers that serve these financial institutions would need to implement the rules as well. Rules, which draw heavily from the NIST Cybersecurity framework and other cybersecurity publications, fall into five general categories: cyber risk governance, cyber risk management, internal dependency management, external dependency management and incidence response, cyber resilience and situational awareness. Comments on the proposed rules were due by Jan. 17, 2017, but later were extended to Feb. 17, 2017. It remains to be seen how the proposed rules would change in a final version. Local Cybersecurity Efforts Another trend that may be worth monitoring is state- mandated cybersecurity requirements. In the wake of cybersecurity incidents that affected the New York Stock Exchange and other New York-based financial institutions, the state passed its own cybersecurity requirements for (Continued on page 2) What Financial Institution Cybersecurity Regulations Tell Us About Cybersecurity for the Infrastructure Sector 1-800-ASK-CBIZ • cbiz.com/banking @CBZCBIZ BizTipsVideos DECEMBER 2017
  • 2. financial institutions. Rules in 23 NYCRR 500 became effective on March 1, 2017 for qualifying financial institutions. It requires financial institutions to implement a comprehensive cybersecurity program that covers 17 key components, including: ■ A formal cybersecurity program and policy ■ A chief information security officer ■ Regular penetration testing and vulnerability assessments ■ A cybersecurity audit trail ■ Access privileges requirements ■ Application security measures ■ Cybersecurity personnel and intelligence ■ A formal third party service provider security policy ■ Multifactor authentication for network access ■ Limitations on data retention ■ Ongoing training and monitoring ■ Encryption of nonpublic information ■ An incident response plan ■ Notices to superintendent ■ Confidentiality measures Lessons from Financial Institution Regulation Infrastructure companies should monitor how mandatory rules play out for financial institutions. If the regulatory (Continued from page 1) efforts are successful in reducing the number of financial institution cybersecurity incidents, state and federal regulators may turn their attention to other industries. Organizations that have had a history of information security threats and disruptions may also want to consider undergoing a cybersecurity risk assessment and penetration testing exercises to pinpoint where their current practices are falling short. All sectors should also consider the benefits of cyber liability insurance. Insurance policies frequently require a minimum set of standards to be in place to protect information security and may help keep your organization up-to-date on cybersecurity best practices. Related Reading ■ A Good Cybersecurity Defense Starts with People ■ The Internet of Things Makes the Future of Cybersecurity Much More Complicated ■ Cybersecurity Check-In: 6 Questions Boards of Directors Should Ask About Cybersecurity If you have specific comments, questions or concerns about cybersecurity, you can reach Kris St. Martin at 763-549-2267 or kstmartin@cbiz.com, or contact your local CBIZ advisor. KRIS ST. MARTIN Minneapolis, MN 1-800-ASK-CBIZ • cbiz.com/banking @CBZCBIZ BizTipsVideos DECEMBER 2017