Glossary

NYDFS Cybersecurity Regulation

NYDFS is an acronym for the New York Department of Financial Services. NYDFS established a set of cybersecurity requirements under the NYDFS Cybersecurity Regulation or 23 NYCRR Part 500. These requirements apply to financial services firms and compel them to create a cybersecurity program that addresses the following areas:

  • information security
  • data governance and classification
  • asset inventory and device management
  • access controls and identity management
  • business continuity and disaster recovery planning and resources
  • systems operations and availability concerns
  • systems and network security
  • systems and network monitoring
  • systems and application development and quality assurance
  • physical security and environmental controls
  • customer data privacy
  • vendor and Third Party Service Provider management
  • risk assessment
  • incident response

Related Terms

Incident Response

Incident response (sometimes called data incident response) refers to an organization’s processes and technologies for detecting and responding to cyberthreats, security breaches or cyberattacks. A formal incident response plan enables cybersecurity teams to limit or prevent damage.Incident Response services are usually an addition to your organization’s Data Security Platform that manages any type of data through automated discovery, classification, risk assessment, and remediation capabilities.

Learn more →
Sensitive Data Discovery and Classification

Sensitive data discovery and classification is a process used to identify and categorize sensitive or confidential information within an organization's digital assets.

Learn more →