Cybersecurity Training Under the NYDFS Regulations
Douglas Kelly, Lead Legal Writer, EverFi
Agenda ● Final Regulation Overview ● The Training Requirement ● Best Practices
Final Regulation Overview
The Regulation ● Cybersecurity Requirements for Financial Services Companies ● New York State Department of Financial Serv...
Exempt Entities ● Exemptions ○ Companies with fewer than 10 employees located in New York. ○ Fewer than 10 employees “resp...
Regulation Overview ● Cybersecurity Program ● Cybersecurity Policies ● Personnel ● Security Measures ○ Ex. Risk Assessment...
What’s In the News ● International Data Corporation (IDC) projected the banking industry spent $8.8 billion in data securi...
The Training Requirement
Training Mandate - 23 NYCRR 500.14(b), 500.10 ● Specialized training to qualified “cybersecurity personnel.” ● Provide “re...
How to Train - “Regular” ● Merriam-Webster defines regular as “Recurring . . . or functioning at fixed, uniform, or normal...
How to Train - “Cybersecurity Awareness” ● FFIEC - “cybersecurity risks and the need to identify, assess, and mitigate the...
How to Train - “Updated to Reflect Risks” ● Risk Assessment ● Insider Negligence ○ “Employees are your biggest cybersecuri...
How to Train - More on Insider Negligence “Although external threats tend to grab headlines, insider breaches from employe...
Training Best Practices
Training Best Practices ● Start with Context ○ Business decision vs. training mandate ■ Capgemini Consulting Survey: 21% v...
Training Best Practices ● Mere Policies Don’t Work ● Conduct Training ● An adult learner must be willing to learn. ● Narra...
Training Best Practices - Conduct Training ● Engagement ○ Attention vs. Engagement vs. Learning ● Culture ○ Tone at the To...
THE TAKEAWAYS ● Cybersecurity is a business matter. ● Training is required, and should be effective. ● Employees are the g...
Contact us: EverFi 1255 Treat Blvd. Suite 550 Walnut Creek, CA 94597 Michele Collu Demand Generation Manager mcollu@everfi.com (925) 279-2171
Training under the New York Cybersecurity Requirements

Webinar recording: https://youtu.be/ohP97cj6m9c
