New York NYDFS: Training - The free to use privacy research database

Section 500.00Introduction.

Section 500.01Definitions.

Section 500.02Cybersecurity Program.

Section 500.03Cybersecurity Policy.

Section 500.04Chief Information Security Officer.

Section 500.05Penetration Testing and Vulnerability Assessments.

Section 500.06Audit Trail.

Section 500.07Access Privileges.

Section 500.08Application Security.

Section 500.09Risk Assessment.

Section 500.10Cybersecurity Personnel and Intelligence.

Section 500.11Third Party Service Provider Security Policy.

Section 500.12Multi-Factor Authentication.

Section 500.13Limitations on Data Retention.

Section 500.14Training and Monitoring.

Section 500.15Encryption of Nonpublic Information.

Section 500.16Incident Response Plan.

Section 500.17Notices to Superintendent.

Section 500.18Confidentiality.

Section 500.19Exemptions.

Section 500.20Enforcement.

Section 500.21Effective Date.

Section 500.22Transitional Periods.

Section 500.23Severability.

(2) provide cybersecurity personnel with cybersecurity updates and training sufficient to address relevant cybersecurity risks; and

(b) provide regular cybersecurity awareness training for all personnel that is updated to reflect risks identified by the Covered Entity in its Risk Assessment.