In Reg 500 (23 NYCRR 500), the New York Department of Financial Services mandates the use of encryption as a means of providing adequate protection of Nonpublic Information. A library of books could be written on the topic of encryption – the mathematics and algorithms, the history of cryptography, etc. For some people, this is…
Under the 23 NYCRR 500, each Covered Entity must implement “effective controls” based on its Risk Assessment to protect against unauthorized access to Nonpublic Information. This is a rather imprecise call-to-action on its own, but NY DFS provides further clarity as to its expectations. Specifically, the implication is that multi-factor authentication is expected. So, what…