SITUATION
The client was faced with impending New York Department of Financial Services (NYDFS) cybersecurity requirements, which were far more complex than previous DFS regulation. They were concerned about the notification and disclosure of incidents that had occurred prior to the implementation deadline, but had not necessarily been disclosed.
OUR ROLE
FTI Cybersecurity conducted a thorough assessment of the client’s cybersecurity program, covering secure development, incident response, access privileges, data classification and retention, penetration testing and vulnerability assessments, risk assessment, third-party risk management, multi-factor authentication, and training and monitoring.
We worked with the client to identify and address concerns or non-compliance items as they arose, providing guidance to ensure the client could obtain compliance certification for the calendar year. We developed a near-term strategy to achieve compliance, and a long-term enhancement plan for improvement.
OUR IMPACT
We deciphered several complex compliance requirements for the client based on their industry and client base, allowing the client to make the most effective security decisions for their business and consumers.
The client was able to certify to the NYDFS Part 500 cybersecurity requirements for the calendar year, and has implemented several enhancements that will allow them to continue to mature and remain compliant.
Our experts ensured the client’s cybersecurity program exceeded NYDFS requirements before the new regulation was released, demonstrating the client’s dedication to compliance and continuous cybersecurity improvement.