BENEFITS
Add our vCISO/DBO supplemental expertise to your team starting at only (20) hrs per month with a (12) month contract.
Add our vCISO/DBO supplemental expertise to your team starting at only (20) hrs per month with a (12) month contract.
- Independent view of your risk, compliance and security frameworks.
- Ability to deliver senior-level presentations of your security posture to key stakeholders, e.g., to your leadership team or regulators.
- Assessment and development of the information security skills of your wider team.
- Reduces the threat of cyber attacks on your company – thereby potentially saving hundreds of thousands of dollars and the company’s reputation.
- Access to your own virtual cybersecurity team, draw on all the individual skills of the of the team members for research and Q&A sessions.
- Coordination of incident investigations and remedial measures put in place to prevent future occurrences.
Financial Services 23 NYC RR 500 - Checklist
500.02 – Creation of an information security program;
500.03 – Documentation of cybersecurity policies;
500.04 – Designate a CISO to report to board and lead cybersecurity program
500.05 – Ongoing Vulnerability and Penetration Testing along with continuous monitoring;
500.06 – Implement an audit trail of transaction and security-related events;
500.07 – Create a process/procedure to limit access and review privileges to nonpublic information;
500.08 – Creation of procedures, guidelines, standards for developing sure applications and assessing security externally developed applications;
500.09 – Periodic entity risk assessments;
500.10 – Provide cyber security training for cybersecurity personnel;
500.11 – Implement a third-party service provider security policy;
500.12 – The use of multi-factor authentication technology;
500.13 – A data retention and disposal policy;
500.14 – User access monitoring capabilities and awareness training;
500.15 – Encryption for nonpublic information at both transit and rest; and
500.16 – A written incident response plan; and
500.17 – Notification of cybersecurity event and annual reporting to the superintendent.
500.02 – Creation of an information security program;
500.03 – Documentation of cybersecurity policies;
500.04 – Designate a CISO to report to board and lead cybersecurity program
500.05 – Ongoing Vulnerability and Penetration Testing along with continuous monitoring;
500.06 – Implement an audit trail of transaction and security-related events;
500.07 – Create a process/procedure to limit access and review privileges to nonpublic information;
500.08 – Creation of procedures, guidelines, standards for developing sure applications and assessing security externally developed applications;
500.09 – Periodic entity risk assessments;
500.10 – Provide cyber security training for cybersecurity personnel;
500.11 – Implement a third-party service provider security policy;
500.12 – The use of multi-factor authentication technology;
500.13 – A data retention and disposal policy;
500.14 – User access monitoring capabilities and awareness training;
500.15 – Encryption for nonpublic information at both transit and rest; and
500.16 – A written incident response plan; and
500.17 – Notification of cybersecurity event and annual reporting to the superintendent.
NIST Cybersecurity Framework
The 2017 NIST framework provides core controls and processes in several areas essential to cybersecurity. It defines the five concurrent functions Identify, Protect, Detect, Respond, Recover.
Measure your current business and obtain a baseline score from Proactive Risk
The 2017 NIST framework provides core controls and processes in several areas essential to cybersecurity. It defines the five concurrent functions Identify, Protect, Detect, Respond, Recover.
Measure your current business and obtain a baseline score from Proactive Risk
Affected by GDPR? Have you assigned a Data Protection Officer?
GDPR Article 39
Proactive Risk can handle many of the tasks associated with the data protection officer as a supplemental service.
1. The data protection officer shall have at least the following tasks:
(a)to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;
(b) to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
(c) to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;
(d) to cooperate with the supervisory authority;
(e) to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.
2. The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.
For more information on how we can help just contact us to learn more
GDPR Article 39
Proactive Risk can handle many of the tasks associated with the data protection officer as a supplemental service.
1. The data protection officer shall have at least the following tasks:
(a)to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;
(b) to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
(c) to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;
(d) to cooperate with the supervisory authority;
(e) to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.
2. The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.
For more information on how we can help just contact us to learn more
OPTIONS
Advisory – Security advisor for the C-Suite of the organization.
Security-related insight directly to executives, providing expert advice and guidance to educate and inform on strategic business decisions from a technical risk perspective.
Supplemental – Our “On-Demand” option.
Expert assistance to support an existing CISO, adding to the CISO’s operational reach and capabilities without adding staff.
Transitional – The “interim” approach.
A temporary continuation of an existing security program while a new CISO is integrated.
Partner – The “all-in” approach.
Complete CISO for the duration of the subscription.
Advisory – Security advisor for the C-Suite of the organization.
Security-related insight directly to executives, providing expert advice and guidance to educate and inform on strategic business decisions from a technical risk perspective.
Supplemental – Our “On-Demand” option.
Expert assistance to support an existing CISO, adding to the CISO’s operational reach and capabilities without adding staff.
Transitional – The “interim” approach.
A temporary continuation of an existing security program while a new CISO is integrated.
Partner – The “all-in” approach.
Complete CISO for the duration of the subscription.