
E6: Resiliency, Recoverability, Regulations... Checking All the Boxes in an Audit.pdf

Uploaded by: 表表   ID: 599402   2025-01-24   26 pages   1.72 MB

Resiliency, Recoverability, Regulations: Checking All the Boxes in an Audit
May 6-8, 2024 | Charlotte, NC
Cliff Magee and Bill Krohe, State Farm Insurance Companies

Disclaimer
The focus of this session is on resiliency and how backup and recovery are integral parts of a holistic cyber security program. We are only referencing some aspects of the 23 NYCRR 500 2023 updates. Cliff Magee and Bill Krohe are not attorneys. This is not, and is not intended to imply, legal advice and should not be considered as such. We are technical folks who are also trying to deliver solutions to comply.

"But I'm Not a 23 NYCRR 500 2023 Covered Entity"
- Due Diligence
- Industry Best Practices
- Legislative Activity
- Cyber Attacks are increasing: Change Healthcare's 2024 ransomware attack costs reach nearly $1B (https:/ )

Intentional Defensible Definitions
- Off-site - 500.16(a)(2) - "storing such information off-site"
- Essential - 500.16(a)(2) - "information essential to the operations"
- Material - 500.16(a)(2) - "entity's information systems and material services"
- Protected - 500.16(e) - "adequately protected from unauthorized alterations or destruction"
- Timely Recovery - 500.16(a)(2)(iv) - "procedures for the timely recovery"
- Annually Test Restoration - 500.16(d) - "at a minimum annually, test" ... (2) "ability to restore its critical data and information systems from backups."
https://www.dfs.ny.gov/industry_guidance/cybersecurity

Raising the Bar on Accountability
23 NYCRR 500: 500.4, 500.5, 500.16, 500.17, 500.20
Net New Requirement: Highest Level Executive Officer validating the Certification; CISO responsible for validating Recovery from Backup

Tolerable Harm / Acceptable Risk
Regulatory Compliance, Data Loss, Downtime, Reputation Damage, Financi
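The two backup controls quoted above, 500.16(e) (backups adequately protected from unauthorized alteration or destruction) and 500.16(d)(2) (at least annual testing of the ability to restore critical data and information systems from backups), are only auditable if the restore test produces evidence that what came back matches what was backed up. The Python script below is an added example written for this page; it is not material from the State Farm session or from NYDFS. It hashes the source tree into a manifest, signs the manifest with an HMAC key that is assumed to be held outside the backup storage (an HSM or a separate secrets store, so an attacker who can alter the backups cannot also re-sign the manifest), restores the backup into a scratch directory, compares the restored files against the signed manifest, and returns an evidence record. The directory names, file contents and key are constructed for the demonstration.

```python
"""Backup integrity and restore verification (constructed example, not from the slides)."""
from __future__ import annotations

import hashlib
import hmac
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {
        str(p.relative_to(root)).replace("\\", "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def canonical(manifest: dict[str, str]) -> bytes:
    """Deterministic serialisation so the same manifest always signs the same way."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict[str, str], key: bytes) -> str:
    # Assumption: `key` lives outside the backup repository (HSM / separate secrets store).
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify_manifest(manifest: dict[str, str], signature: str, key: bytes) -> bool:
    """Constant-time check that the manifest has not been altered since it was signed."""
    return hmac.compare_digest(sign_manifest(manifest, key), signature)


def restore_and_verify(backup: Path, restore_to: Path, manifest: dict[str, str],
                       signature: str, key: bytes) -> dict:
    """Restore `backup` into `restore_to`, rehash, and compare with the signed manifest.

    Returns an evidence record: whether the manifest itself was trusted, which files
    differ, are missing, or appeared unexpectedly, and an overall pass/fail.
    """
    if not verify_manifest(manifest, signature, key):
        # A forged or edited manifest means nothing below can be trusted.
        return {"manifest_trusted": False, "mismatched": [], "missing": [],
                "unexpected": [], "passed": False}
    shutil.copytree(backup, restore_to, dirs_exist_ok=True)
    restored = build_manifest(restore_to)
    mismatched = sorted(p for p in manifest if p in restored and restored[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in restored)
    unexpected = sorted(p for p in restored if p not in manifest)
    return {"manifest_trusted": True, "mismatched": mismatched, "missing": missing,
            "unexpected": unexpected, "passed": not (mismatched or missing or unexpected)}


def demo() -> tuple[dict, dict]:
    """Clean restore, then a restore after the stored backup was altered (500.16(e) failure)."""
    key = b"example-signing-key-kept-outside-backup-storage"  # constructed for the demo
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        source, backup = base / "prod", base / "backup"
        (source / "conf").mkdir(parents=True)
        (source / "ledger.csv").write_text("id,amount\n1,100\n")      # constructed sample data
        (source / "conf" / "app.ini").write_text("[db]\nhost=db1\n")  # constructed sample data
        shutil.copytree(source, backup)
        manifest = build_manifest(source)
        signature = sign_manifest(manifest, key)
        clean = restore_and_verify(backup, base / "restore1", manifest, signature, key)
        # Simulate unauthorized alteration of the stored backup copy.
        (backup / "ledger.csv").write_text("id,amount\n1,1\n")
        tampered = restore_and_verify(backup, base / "restore2", manifest, signature, key)
    return clean, tampered


if __name__ == "__main__":
    for label, record in zip(("clean restore", "tampered backup"), demo()):
        print(label, json.dumps(record))
```

Running demo() performs a clean restore, which passes, then alters one file in the stored backup, which the second restore flags as mismatched. Because the signature is checked before anything is restored, editing the manifest to match a tampered backup is caught as well. The returned record, together with who ran the test and when, is the artifact to keep as evidence for the annual restore test; a passing copytree on its own proves only that files were copied, not that they are the files that were backed up.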

This document is the deck from a session held May 6-8, 2024 in Charlotte, NC on resiliency, recoverability and regulatory audits. The session focuses on resiliency and on backup and recovery as integral parts of a holistic cyber security program. It summarises the 2023 updates to the New York Department of Financial Services cybersecurity regulation (23 NYCRR Part 500), highlighting key requirements such as off-site storage and recovery of information essential to operations. It also covers backup and restore testing, business continuity planning and a Secure Isolated Recovery Environment (SIRE), references related NIST publications and the 23 NYCRR 500 compliance timeline, and closes with contact information for follow-up questions.