Receive articles and resources from the information risk management experts at FoxPointe.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently released a Notice of Proposed Rule Making (NPRM) detailing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). This proposal mandates that companies report cybersecurity incidents and ransomware payments within strict timelines. Public comments on the NPRM are...
The FTC Safeguards Rule requires covered companies to develop, implement, and maintain an information security program with over 20 implemented, documented and risk assessed administrative, technical, and physical safeguards designed to protect customer information. Are your clients up on what the revised Rule requires? Are they ready to be compliant...
New York State Department of Financial Services (NYSDFS) has proposed several changes to the existing 23 NYCRR Part 500 – Cybersecurity Requirements for Financial Services Companies (the Cybersecurity Regulation or Part 500). They include items such as: Classification of “Class A” companies, which are those with over 2,000 employees or...
This blog was written and produced by Nick Cozzolino, CISSP, Director of Information Security at The Bonadio Group. FoxPointe Solutions is The Bonadio Group’s dedicated cybersecurity division. Looking to get in touch with Nick? Reach out today: Nick Cozzolino ncozzolino@bonadio.com. “Data is the new oil.” We have heard that frequently...
Cybersecurity Regulations Since the regulation came into effect in March 2019, the New York State Department of Financial Services (DFS) continues to strengthen the way that it enforces the Cybersecurity Regulation 23 NYCRR Part 500. With 23 distinct sections of the regulation, DFS requires a comprehensive cybersecurity program for “Covered...
On April 2, 2021, it was confirmed that a malicious user published the phone numbers and personal data of hundreds of millions of Facebook users for free online. The information, spanning from users across the globe, includes phone numbers, user IDs, full names, locations, birthdates, and some email addresses. A...
An updated cybersecurity law that the IT organization (along with other college/university departments) will need to continue to integrate into its compliance programs, policies, and controls is the recent changes to New York’s General Business Law 899-aa and 899-bb (aka SHIELD Act). The compliance actions supporting this law have already...
This post originally appeared on Security Magazine. Ensuring the confidentiality, integrity, and availability of information must be at the forefront of any business in today’s environment. While many think they are up to this task, there’s a lot that goes into protecting data. Cyberattacks and data security breaches are at...