The New DFS Cybersecurity Regulation: What Every Attorney Should Know

(485 Ratings)

Produced on: April 28, 2017

Course Format On Demand Audio

Taught by

Categories:

Course Description

Time 60 minutes
Difficulty Intermediate

Business technology has been exploding in recent years, and so has the cyber risk that comes with it. As these changes accelerate, the law has struggled to keep up.

On March 1, 2017, the first-of-its-kind mandatory state cybersecurity regulation took effect via the New York State Department of Financial Services (DFS). The Cybersecurity Requirements for Financial Services Companies (23 NYCRR § 500) creates mandatory risk management and security regulations for companies in banking, insurance and financial services and brings with it a series of security-related requirements (including reporting requirements beyond data breaches).

At first glance, the regulation may appear limited to the banks, insurance and financial services companies regulated by DFS, but its third party provisions tell a different story. 

What effect will the cybersecurity regulation have beyond the companies regulated by DFS? How does it alter the cyber law landscape? And for attorneys outside of New York, how might the regulation serve as a bellwether for changes nationwide?

Learning Objectives:

  1. Identify who is covered by the cybersecurity regulation

  2. Recognize who else can be affected

  3. Comprehend the regulation’s core requirements (and benefits)

  4. Appreciate potential downstream effects

  5. Understand counsel’s role in compliance

  6. Anticipate potential changes on the national scene augured by the DFS Regulation


Faculty

Scott Aurnou

The Security Advocate

Scott Aurnou, Esq., CISSP is an attorney and founder of The Security Advocate, which helps organizations with information security and data privacy issues. This includes privacy and security awareness training, security consulting, compliance with cyber security and privacy laws and related legal concerns.

Scott spent over a decade as a litigation attorney in the NYC area, and served as lead counsel for a private client services group at Smith Barney. He uses his legal, security, and business background to make complex information security concepts easy to understand (and even entertaining on occasion) for non-technical audiences. He has published security related articles in national publications ranging from the New York Law Journal to SC Magazine. In addition, he has created and delivered numerous presentations on information security and data privacy issues for executives, managers, and professionals.

Scott is a Certified Information Systems Security Professional (CISSP), Certified Information Privacy Technologist (CIPT), Certified Information Privacy Professional (CIPP/US) and a Fellow of Information Privacy (FIP). He is admitted to practice law in New York, Colorado, the U.S. District Courts for the Eastern and Southern Districts of New York; as well as the U.S. Court of Appeals for the Second Circuit. He is also the author of the Introduction to Information Security LiveLessons video training series for Pearson Publishing. 


Reviews

EK
Elissa K.

The instructor did a great job covering highly technical information in a straight forward, plain English manner. Very well done.

KC
Kristen C.

Thank you!! Very helpful program!!

TC
Thomas C.

Well done, thank you. Very comprehensive.

AM
Alex M.

Scott is absolutely terrific. He is one of the most knowledgeable instructors that I have run across on Lawline.

KK
Karen K.

This presenter was spot on, time efficient, and content rich! I have read up on this new cyber reg a lot, and have attended many webinars/talks on it -- still learned many things from Scott Aurnou on this CLE program. Thank you!

AE
Amy E.

Very thorough, interesting and informative.

ML
Michael L.

Excellent and informative presentation

HB
Harriet B.

Good presenter. Very clear and concise.

LC
L. Frank C.

Excellent presenttion

TG
Thomas G.

The presenter was excellent.

CB
Christopher B.

This was an excellent presentation on a topic that is not very well known. The written materials were very helpful.

AW
Andrea W.

Very good speaker. Very informative.

RC
Ruth C.

Excellent presenter

DK
Diana K.

Very helpful and well structured.

JL
Joseph L.

VERY Competent Presenter, Encyclopedic. What a minefield if you don't specialize.

RM
Robert M.

Excellent presentation regarding cyber security issues

KF
Keith M. F.

good

Load More

$59

$ 59 Business, Corporate, & Securities Law and Privacy & Cybersecurity In Stock

Accreditation

Get Unlimited Access to Lawline Courses

Unlimited CLE Subscription gives you access to take almost any course from our catalog and earn as much CLE credit as you need.