Risk Assessments-NYDFS Ready

Service Description

Risk Assessments is the first Step in understanding the Gaps and Vulnerabilities in your CyberSecurity Posture. With our advances Diagnostic Services, we will provide a detail report and recommendations for your CyberSecurity Needs. Don't waste time or money on what does not need to be fixed. Our laser focus reports help you identify what areas of your business need to secured. With a comprehensive understanding of your business risk , you can build a strategy that will protect your DATA and make sure that you are prepared for a threat or attack. While vulnerability assessments were already required under the previous version of the NYDFS cybersecurity regulations, the guidelines have been expanded and added to in the current amendment. Most notably, “These policies and procedures shall be designed to ensure that covered entities: (a) conduct, at a minimum: [...] (2) automated scans of information systems, and a manual review of systems not covered by such scans, for the purpose of discovering, analyzing and reporting vulnerabilities at a frequency determined by the risk assessment, and promptly after any material system changes[.]” This is important because in order to comply with this section of the regulations you will need to: Have a comprehensive inventory of all of the assets that exist in your environment. Know which assets your current vulnerability management solution is capable of scanning, and which assets it is not capable of scanning. Having both of these will give you the information you need so that you know which assets you will need to perform a manual review on, on an annual basis. It will allow you to plan and scope out the effort required to comply with the new regulations. This also means that, in order to minimize the amount of manual effort required, having a vulnerability management solution that is capable of scanning as many systems in your environment as possible is of increased importance. Another section of the vulnerability management requirements addresses the need to “(c) timely remediate vulnerabilities, giving priority to vulnerabilities based on the risk they pose to the covered entity.”