Cybersecurity Program Assessment Services
GVP Partners
October 2017
Privileged & Confidential - GVP Partners
NYDFS - Regulation Highlights 3
NYDFS - Regulation Requirements 4-6
NYDFS - Cybersecurity Policy Coverage Areas 7
Rapid Start Maturity Assessment Process 8
Project Deliverables 9
Assessment Services 10
Assessment Process 11
Assessment Templates 12
Assessment Profile 13
BOD Report 14
Process Improvement Planning 15-16
Process Improvement Tracking 17
Contact Information 18
NYDFS - Regulation Highlights
Part 500 of Title 23 of the Official Compilation of Codes, Rules and Regulations of the State of New York
Covers all entities supervised by the NYDFS
Applies to over 3,000 covered entities across the US
Provides exemptions (revenue of $5 million or less)
Effective March 1, 2017
Covered entities need to establish a Cybersecurity Program
Designate a Chief Information Security Officer or designee
Phase 1 - Compliant by November 1, 2017 - 180 Day Transition
Certification by BOD or Company Officer by February 15, 2018
Program documents, assessments and test results must be available at the Superintendent's request.
NYDFS - Regulation Requirements
Section 500.01 Definitions
Section 500.02 Cybersecurity Program
Section 500.03 Cybersecurity Policy
Section 500.04 Chief Information Security Officer
Section 500.05 Penetration Testing & Vulnerability Assessments
Section 500.06 Audit Trail
Section 500.07 Access Privileges
Section 500.08 Application Security
Section 500.09 Risk Assessment
Section 500.10 Cybersecurity Personnel and Intelligence
Section 500.11 Third Party Service Provider Security Policy
Section 500.12 Multi-Factor Authentication
Section 500.13 Limitations on Data Retention
Section 500.14 Training and Monitoring
Section 500.15 Encryption of Nonpublic Information
Section 500.16 Incident Response Plan
Section 500.17 Notices to Superintendent
Section 500.18 Confidentiality
Section 500.19 Exemptions
Section 500.20 Enforcement
Due Dates
Transition deadlines: November 1, 2017; March 1, 2018; November 1, 2018; March 1, 2019
Section 500.01 Definitions
Section 500.02 Cybersecurity Program
Section 500.03 Cybersecurity Policy
Section 500.04 Chief Information Security Officer
Section 500.04 (d) Chief Information Security Officer
Section 500.05 Penetration Testing & Vulnerability Assessments
Section 500.06 Audit Trail
Section 500.07 Access Privileges
Section 500.08 Application Security
Section 500.09 Risk Assessment
Section 500.10 Cybersecurity Personnel and Intelligence
Section 500.11 Third Party Service Provider Security Policy
Section 500.12 Multi-Factor Authentication
Section 500.13 Limitations on Data Retention
Section 500.14 (a) Training and Monitoring
Section 500.14 (b) Training and Monitoring
Section 500.15 Encryption of Nonpublic Information
Section 500.16 Incident Response Plan
Section 500.17 Notices to Superintendent
Section 500.18 Confidentiality
Section 500.19 Exemptions
Section 500.20 Enforcement
NYDFS - Cybersecurity Policy Coverage Areas
Information security;
Data governance and classification;
Asset inventory and device management;
Access controls and identity management;
Business continuity, disaster recovery planning and resources;
Systems operations and availability;
Systems and network security;
Systems and network monitoring;
Systems and application development and quality assurance;
Physical security and environmental controls;
Customer data privacy;
Vendor and Third Party Service Provider management;
Risk assessment; and
Incident response.
Rapid Start Maturity Assessment Process
2 Week Cybersecurity
Prepare
  • Define measurement framework, categories, processes and goals
  • Determine survey respondents
  • Communicate with stakeholders and respondents
Survey
  • Collect data using TrustMAPP assessment portal
  • Questions organized around maturity dimensions
Validate
  • Review scores
  • Validate answers
  • Revise data as needed
Report
  • Communicate findings with recommendations to improve program maturity
Responsibility: GVP / Client | GVP / Client | Client | Client
Project Deliverables
Provide a baseline Cybersecurity assessment and strategy roadmap.
Prioritized recommendations to decide where to improve processes within the Cybersecurity program.
Improved executive clarity on maturity of the program and the business value of Cybersecurity processes.
Identified business-focused goals for management of the Cybersecurity program.
Assessment Services
Our Assessment Services are powered by TrustMAPP automation
Easily create and launch assessments
Leverage rich analytics and improvement planning tools
Built-in recommendations for improving process performance
Track improvements and automatically update status
Assessment Process
Maturity Assessment, Profile and Plan
Thank You!
Michael Corcoran
GVP Partners
www.grcerm.com
770.891.1491
Michael.Corcoran@grcerm.com

Editor's Notes

  • #4: General information on the regulation.
  • #9: Steps to take to complete a maturity assessment within 2 weeks.
  • #10: After the 2 week assessment these are the project deliverables.
  • #11: Built-in intelligence to guide your decisions. Mitigation recommendations based on company size and process maturity level (scale of 1-5; reported in red, yellow, green). Automated project planning capabilities. Enable meaningful business discussions about resource allocation and CapEx requirements for improvement. Compare historical reports and conduct what-if analyses.
  • #12: Our approach to Cybersecurity Assessment is from a maturity perspective versus established frameworks. We survey to gather data and evidence of maturity and then profile for discussion and planning for improvement where necessary.
  • #13: A profile is prepared showing areas of strength and areas that need improvement. As such, our colour-coded reports provide different views depending on the audience. For example, TrustMAPP's maturity assessment dashboard is organized by top-level categories combined with individual security processes. Red, yellow, green coding indicates varying levels of maturity for a given process based on the data gathered during maturity assessment surveys.
  • #14: We use any established framework or one customized for your purpose.
  • #16: Our solution provides management action plans to guide discussion on where improvements are needed and how to approach them. For example, TrustMAPP's maturity assessment dashboard is organized by top-level categories combined with individual security processes. Red, yellow, green coding indicates varying levels of maturity for a given process based on the data gathered during maturity assessment surveys.
  • #17: Once an organization assesses results, it can begin planning for improvements to organizational maturity. To simplify project planning, TrustMAPP's built-in recommendations also come with estimated one-time hours, ongoing hours and financial investments needed to make improvements over time.
  • #19: Please call with any questions.