The former superintendent of the New York State Department of Financial Services explained how the structure of a cybersecurity program is like a compliance program and can be divided into four buckets during a panel discussion at Compliance Week’s virtual Cyber Risk & Data Privacy Summit.
Maria Vullo, now an adjunct professor of law at Fordham University, said a strong cybersecurity program is structured with prevention, protection, mitigation, and governance as the core pillars.
Vullo advised starting with a risk assessment, stressing prevention is a “foundational requirement” of any good cybersecurity framework but not necessarily something companies should set and forget.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Trial Membership
First week free, then $499 for an annual Membership
Cancel anytime within the trial period.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
Tailoring your risk assessments to guidance from your relevant regulators is a good idea, a panel of compliance practitioners speaking at Compliance Week’s 2023 National Conference agreed. But it certainly isn’t the place to start.
Four senior compliance practitioners discuss how their respective companies invest in compliance with varying data privacy requirements.
A panel of cyber experts and a chief compliance officer in financial services discussed the business risks, threat vectors, and vendor ‘gotchas’ associated with transitioning to a cloud provider at CW’s virtual Cyber Risk & Data Privacy Summit.
Companies that think paying reduced ransomware demands would be a better move than informing regulators of a data breach and facing enforcement are playing with fire, according to experts.
Businesses can prepare for the Securities and Exchange Commission’s upcoming cybersecurity disclosure rule by going through it and identifying key gaps in compliance.
Data security and compliance are not one and the same but have enough overlap that organizations can take steps when building a data security program to move closer to achieving compliance.
