What is a CISO?

Section 4 of 23 NYCRR 500 requires covered entities to “designate a qualified individual responsible for overseeing and implementing the Covered Entity’s cybersecurity program and enforcing its cybersecurity policy.” The regulation refers to this individual as a Chief Information Security Officer, or CISO for short. This requirement may seem burdensome for a small company like…

What is Cybersecurity Personnel and Intelligence?

Covered Entities under 23 NYCRR 500 are required to utilize qualified cybersecurity personnel as necessary to manage and mitigate cybersecurity risks and generally carry out the Cybersecurity Program. The duties of cybersecurity personnel can be handled by an employee or a team of employees, assigned to an affiliate, or outsourced to a third party. Whichever route you…