Cybersecurity Program Assessment Services
GVP Partners
October 2017
Privileged & Confidential - GVP Partners
NYDFS – Regulation Highlights 3
NYDFS - Regulation Requirements 4-6
NYDFS – Cybersecurity Policy Coverage Areas 7
Rapid Start Maturity Assessment Process 8
Project Deliverables 9
Assessment Services 10
Assessment Process 11
Assessment Templates 12
Assessment Profile 13
BOD Report 14
Process Improvement Planning 15-16
Process Improvement Tracking 17
Contact Information 18
Part 500 of Title 23 of the Official Compilation of Codes, Rules
and Regulations of the State of New York (23 NYCRR 500)
Covers all entities supervised by the NYDFS
Applies to over 3,000 covered entities across the US
Provides limited exemptions (e.g., gross annual revenue of $5 million or less)
Effective March 1, 2017
Covered entities must establish a Cybersecurity Program
Designate a Chief Information Security Officer (or a qualified designee)
Phase 1 – compliant by August 28, 2017, the end of the 180-day transitional period that runs from the March 1, 2017 effective date
Annual certification of compliance by the Board of Directors or a Senior Officer, first due February 15, 2018
Program documents, risk assessments and test results must be
available at the Superintendent's request.
Section 500.01 Definitions
Section 500.02 Cybersecurity Program
Section 500.03 Cybersecurity Policy
Section 500.04 Chief Information Security Officer
Section 500.05 Penetration Testing & Vulnerability Assessments
Section 500.06 Audit Trail
Section 500.07 Access Privileges
Section 500.08 Application Security
Section 500.09 Risk Assessment
Section 500.10 Cybersecurity Personnel and Intelligence
Section 500.11 Third Party Service Provider Security Policy
Section 500.12 Multi-Factor Authentication
Section 500.13 Limitations on Data Retention
Section 500.14 Training and Monitoring
Section 500.15 Encryption of Nonpublic Information
Section 500.16 Incident Response Plan
Section 500.17 Notices to Superintendent
Section 500.18 Confidentiality
Section 500.19 Exemptions
Section 500.20 Enforcement
Due Dates

Transitional deadlines, all measured from the March 1, 2017 effective date: August 28, 2017 (180 days) | March 1, 2018 (one year) | September 1, 2018 (18 months) | March 1, 2019 (two years)

Sections scheduled against those deadlines:
Section 500.01 Definitions
Section 500.02 Cybersecurity Program
Section 500.03 Cybersecurity Policy
Section 500.04 Chief Information Security Officer
Section 500.04 (d) Chief Information Security Officer
Section 500.05 Penetration Testing & Vulnerability Assessments
Section 500.06 Audit Trail
Section 500.07 Access Privileges
Section 500.08 Application Security
Section 500.09 Risk Assessment
Section 500.10 Cybersecurity Personnel and Intelligence
Section 500.11 Third Party Service Provider Security Policy
Section 500.12 Multi-Factor Authentication
Section 500.13 Limitations on Data Retention
Section 500.14 (a) Training and Monitoring
Section 500.14 (b) Training and Monitoring
Section 500.15 Encryption of Nonpublic Information
Section 500.16 Incident Response Plan
Section 500.17 Notices to Superintendent
Section 500.18 Confidentiality
Section 500.19 Exemptions
Section 500.20 Enforcement
NYDFS – Cybersecurity Policy Coverage Areas (Section 500.03)
Information security
Data governance and classification
Asset inventory and device management
Access controls and identity management
Business continuity, disaster recovery planning and resources
Systems operations and availability
Systems and network security
Systems and network monitoring
Systems and application development and quality assurance
Physical security and environmental controls
Customer data privacy
Vendor and Third Party Service Provider management
Risk assessment
Incident response
Rapid Start Maturity Assessment Process: 2-Week Cybersecurity Maturity Assessment

Prepare (GVP / Client)
• Define measurement framework, categories, processes and goals
• Determine survey respondents
• Communicate with stakeholders and respondents

Survey (GVP / Client)
• Collect data using the TrustMAPP assessment portal
• Questions organized around maturity dimensions

Validate (Client)
• Review scores
• Validate answers
• Revise data as needed

Report (Client)
• Communicate findings with recommendations to improve program maturity
Project Deliverables
A baseline Cybersecurity maturity assessment and strategy roadmap.
Prioritized recommendations on where to improve processes within the Cybersecurity program.
Improved executive clarity on the maturity of the program and the business value of Cybersecurity processes.
Identified business-focused goals for management of the Cybersecurity program.
Assessment Services
Our Assessment Services are powered by TrustMAPP automation:
Easily create and launch assessments
Leverage rich analytics and improvement planning tools
Built-in recommendations for improving process performance
Track improvements and automatically update status
Assessment Process: Maturity Assessment, Profile and Plan
Assessment Templates
Assessment Profile
BOD Report
Process Improvement Planning
Process Improvement Tracking
Thank You!
Michael Corcoran
GVP Partners
www.grcerm.com
770.891.1491
Michael.Corcoran@grcerm.com


Editor's Notes

  1. General information on the regulation.
  2. Steps to take to complete a maturity assessment within 2 weeks.
  3. After the 2-week assessment, these are the project deliverables.
  4. Built-in intelligence to guide your decisions: mitigation recommendations based on company size and process maturity level (scale of 1-5; reported in red, yellow, green); automated project planning capabilities; meaningful business discussions about resource allocation and CapEx requirements for improvement; comparison of historical reports and what-if analyses.
  5. Our approach to Cybersecurity assessment is taken from a maturity perspective rather than from established frameworks alone. We survey to gather data and evidence of maturity, then profile the results for discussion and for planning improvements where necessary.
  6. A profile is prepared showing areas of strength and areas that need improvement. Our colour-coded reports provide different views depending on the audience. For example, TrustMAPP's maturity assessment dashboard is organized by top-level categories combined with individual security processes; red, yellow, green coding indicates the maturity level of a given process based on the data gathered during the maturity assessment surveys.
  7. We use any established framework, or one customized for your purpose.
  8. Our solution provides management action plans to guide discussion on where improvements are needed and how to approach them, presented in the same colour-coded dashboard view of categories and individual security processes.
  9. Once an organization has assessed its results, it can begin planning improvements to organizational maturity. To simplify project planning, TrustMAPP's built-in recommendations also come with the estimated one-time hours, ongoing hours and financial investment needed to make the improvements over time.
  10. Please call with any questions.