New York State Cyber Regulations landing page with black and white new york city skyline
New York State Cyber Regulations March 2017

Are You Ready for the New Cybersecurity Regulations?

Dawn of a New Era in Cybersecurity

Cybersecurity poses a complex challenge for banking, finance and insurance companies. And the challenge continues to grow while firms attempt to stay out of the headlines, meet compliance standards and cost-justify security.

This increased sensitivity to the high costs and long-term consequences of data breaches led the state of New York to develop a set of cybersecurity requirements, 23 NYCRR 500, for the financial industry. Now it’s time to devise a strategy to meet these new sweeping regulations.

With TripleHelix®, Assured Enterprises built the most comprehensive risk assessment system available, which gives organizations the capability to quantify and to measure progress in their cybersecurity programs. TripleHelix® provides granular information to banking, finance and insurance professionals, plus it meets and exceeds all the requirements in the 23 NYCRR 500.

Who Are the Regulations For?

Virtually anyone in the United States and beyond doing business in New York State in these industries: banking, finance, financial services and insurance are mandated to comply with the NY regulations.

Businesses and organizations with 10+ employees or $5M or more in gross revenue for each of past three fiscal years or $10M or more in total assets (including affiliates) must comply with the NY Regulation.

What are the Requirements?

Here are some of the main requirements coupled with the Assured solution or service that solves them.

TripleHelix® Cybersecurity Assessment System

  • Periodic risk assessments
  • Timely response to incidents
  • Evaluation of policies, procedures
  • Risk mitigation to reduce negative outcomes
  • Fulfill applicable regulatory reporting obligations
  • Evaluation of third party providers

TripleHelix Framework NY State Cybersecurity Regulations InfographicAssuredScanDKV® Deep Software Scanner

  • Biennial known vulnerability assessments

Assured Enterprises Cybersecurity Services

  • Annual penetration testing
  • Create a written cybersecurity policy and incident response plan.
  • Overlay of common law—commercially reasonable best efforts to secure proactive cybersecurity of sensitive data
  • Remediation and other professional services

DECENT™ Encryption Access Management System

  • Manage and provide data encryption


Assured Success

cyberscore cybersecurity measurement graphicThe TripleHelix® risk assessment system analyzes Cyber Maturity, Threats and Impacts. The correlation of these three security strands yields a proprietary CyberScore®, a three-digit cybersecurity score similar to a FICO® score, that allows the management team to benchmark and evaluate security readiness.

The Assured CyberScore® empowers CISOs to chart a recommended course for improvement with a focus on what is most important for the organization, not on the latest fad in the cybersecurity marketplace.

TripleHelix® captures thousands of data points which is far more comprehensive than any other assessment on the market. TripleHelix® is capable of measuring, not only technical risks, but risks resulting from policy and procedural gaps. In addition, TripleHelix® has a unique focus on insider threats.


Deep Software Scanning is Critical

Attacks against known software vulnerabilities comparing reports infographicWith known software vulnerabilities accounting for some 80% of successful data breaches, Assured built their own deep software scanning tool to identify the vulnerabilities and to provide detailed remediation information.

Additional AssuredScanDKV® Features:

  • System is fast, lightweight, with no burden on memory
  • Does not replicate other scanners you may have
  • Offers insight into the attack history associated with various known vulnerabilities
  • Provides detailed accurate remediation instructions for detected known vulnerabilities

Beyond the NY State Regulations

Is your organization subject to multiple compliance standards or regulations? Instead of having to go through the hassle, cost and time of conducting multiple assessments to address compliance requirements for your organization, TripleHelix® offers a one-stop, cost-effective comprehensive assessment with the option of delivering virtually any regulatory compliance cyber report into a customized, organization-specific Regulatory Compliance Dossier.

Whether you are in San Francisco, Chicago, London, Bahrain, Zurich, Singapore, Hong Kong or Sydney—you need Assured and TripleHelix®. Stop wasting your time and money on second-rate assessments.

Empower your organization with a comprehensive cybersecurity assessment and a Regulatory Compliance Dossier which includes reports that meet your unique compliance standards, guidelines and requirements. Use the dossier to target compliance before the regulator visits and to double-check the regulator’s accuracy.

Schedule a demo today and take the pressure off tomorrow.