What CPAs Need to Know about New York’s New Cybersecurity Requirements

From: The CPA Journal


New York State recently adopted a “first-in-the-nation” set of cybersecurity compliance requirements that impact any businesses or organizations that report to the Department of Financial Services (DFS). Effective March 1, 23 NYCRR 500 is meant to anticipate, address, and thwart cybercriminals by requiring “each company to assess its specific risk profile and design a program that addresses its risks in a robust fashion.”

FTC’s Ohlhausen calls for coordination with NHTSA on auto cybersecurity

From: Inside Cybersecurity

Joshua Higgins

Acting Federal Trade Commission Chairman Maureen Ohlhausen today pledged to work with the National Highway Traffic Safety Administration to ensure responsible regulatory oversight of cybersecurity and privacy in connected automobiles.



NYDFS Issues FAQs for Recently Issued Cybersecurity Regulations

From: Lexology

Edward R. McNicholas, Colleen Theresa Brown and Grady Nye | Sidley Austin LLP

On June 20, 2017, the New York State Department of Financial Services (“NYDFS”) expanded its set of frequently asked questions (“FAQs”) and answers concerning its recently finalized Cybersecurity Regulations (23 NYCRR 500.01), which set forth minimum requirements for NYDFS-regulated entities to address cybersecurity risk. The now 17 questions included in the release address the types of entities that fall within the scope of the Regulations, the notice requirements attending a Cybersecurity Event (as defined in the Regulations), the annual certification requirement, and additional specific elements of the rules.

Do we need a cyber defence forces?

From: New Europe

By Antanas Guoga, Member of the European Parliament (Lithuania, ALDE)

NIST Announces Release of NIST SP 800-12, Revision 1; An Introduction to Information Security

Editor’s Note:  NIST SP 800-12, Revision 1 by Michael Nieles, Kelley Dempsey and Victoria Yan Pillitteri is available here, NIST.SP.800-12r1.pdf.

From: NIST

NIST is pleased to announce the release of Special Publication 800-12 Revision 1, An Introduction to Information Security. Information security is a constantly growing and evolving science. This revision, while looking visibly different than the original, still follows the direction established when SP 800-12 was initially published.  This publication serves as a starting-point for those new to information security as well as those unfamiliar with NIST information security publications and guidelines. The intent of this Special Publication is to provide a high-level overview of information security principles, introduce related concepts, and also to broadly discuss the security control families defined in NIST SP 800-53, Security and Privacy Controls for Systems and Organizations.