Full IT Audit Provides Better Insights for 23 NYCRR Part 500 Than Simple Risk Assessment
NEW YORK, NY, November 15, 2017 /24-7PressRelease/ — The recent Equifax breach underscores the importance of cybersecurity for all financial services companies. In New York, the Department of Financial Services’ (DFS) new 23 NYCRR Part 500 regulation is now in effect to protect companies against such cyberattacks.
Many, however, do not understand how to develop their own cybersecurity programs as described in the regulation. One misconception of the regulation is that a risk assessment alone is sufficient to accurately determine preparedness for cyberattacks.
“Risk assessments are important, but we recommend that they be part of a larger IT audit,” said Sam Vohra, vice president and co-founder of CompCiti Business Solutions, a cybersecurity and networking services company in New York City. “The new regulations are complex and require a lot of planning. A comprehensive IT audit provides you with a better picture of your current cybersecurity effectiveness and at the same time helps you fulfill requirements detailed in other sections.”
A shortcoming of simple risk assessments is that they do not provide a company with all the information it needs to understand the effectiveness and state of its current cybersecurity efforts. A full IT audit, on the other hand, does so. For instance, section 500.05 of the regulation calls for penetration testing and vulnerability assessments, and a full IT audit includes these.
“The DFS has created an incredible document here with its new cybersecurity requirements for financial services companies. In many ways, it is a blueprint for building a solid cybersecurity program. We want to help our financial services clients become compliant with 23 NYCRR Part 500 effectively and efficiently. Just as importantly, we want to ensure that their clients’ data is fully secured against cybercriminals and cyberthreats, and that it is also secured against power failures, natural disasters, and other risks,” Vohra said.
CompCiti provides a wide range of services, including an initial IT audit, help with coming into compliance with 23 NYCRR Part 500, and chief information security officer (CISO) services.
“The CISO is an important part of the regulation,” Vohra said. “I think that many companies are glad that the DFS allows this position to be filled by a third-party IT professional who understands the regulation well. CompCiti ensures full compliance and provides its clients with a higher level of cybersecurity than they likely would have had otherwise.”
The 23 NYCRR Part 500 regulation went into effect on August 28, 2017. All financial services companies operating in New York State must meet these new regulations. CompCiti offers a no-obligation compliance assessment at: https://compciti.com/nycrr/
CompCiti Business Solutions, Inc., provides its clients what few other IT companies in New York can: expertise and insights developed since business networking began. CompCiti’s focus on cybersecurity and cyber management services sets it above other business networking services. CompCiti secures networks and other IT systems against all cyberthreats, including viruses, hackers, and ransomware. Its cybersecurity, networking, and managed IT services have all been supported by 24/7 emergency service since 1996. CompCiti is a Microsoft Silver Certified partner. CompCiti.com | (212) 594-4374