Case Study February 27, 2019
Complying With the NYDFS Cybersecurity Regulation
Trexin helped a fast-growing financial services firm assess its IT security and define its improvement roadmap.
Business Driver
Recognizing the “ever-growing threat posed to information and financial systems by nation-states, terrorist organizations, and independent criminal actors”, the New York State Department of Financial Services (NYDFS) issued a landmark cybersecurity regulation, 23 NYCRR 500, requiring regulated entities to “assess its specific risk profile and design a program that addresses its risks in a robust fashion”. To comply with this new regulation, our Client, a rapidly growing financial services firm, asked Trexin to:
- Perform a thorough IT security assessment based on the Federal Financial Institutions Examination Council (FFIEC) framework
- Perform an assessment of the current state of the IT organization and infrastructure more broadly
- Evaluate the skill set of the current staff
Approach
Results
Our Client fully satisfied its regulatory requirement to design, implement, and maintain a cybersecurity program that is relevant to the company and aligned with its technology advances. More importantly, the engagement established a consensus understanding that current processes needed change and new processes needed to be established to fully remediate the issues they were seeing within their organization. This led to a future-state vision of agreed-upon improvements, a set of business cases with cost-benefit analyses, a project roadmap with charters that outlined the scope and goal of each project, and an activated portfolio of projects aimed at achieving their cybersecurity and business goals.