What is NYSDFS? The New York State Department of Financial Services (NYSDFS) is the department responsible for regulating financial services and products for the New York State government. This includes the services subject to New York insurance, banking and financial service laws. Key Processes On August 28, 2017, NYSDFS Covered Entities had to comply with the […]
IT Security News and Alerts
Create custom security control framework mappings using our online tool! NIST 800-53, GDPR, FFIEC, ISO, PCI, SOC2 and many more available!
Due Care is a legal term used in Cyber Risk, defined as the expected standard of performance that prevents a foreseeable malicious event from occurring. Learn how to ensure your organization is covered by these standards, and how you can ensure your organization is ready using the Cyber Security Framework.
Today, the FBI announced that it was officially attributing the massive Sony Hack and data leak to North Korea. We feel that the linked article perfectly captures the true sentiment felt by so many fellow security professionals. It provides an explanation for the "evidence"
This Denial of Service attack boils down to the way in which most modern web servers are configured. Simple and steady PHP calls will cause web servers to fill up with PHP processes. Proof of Concept script included.
There are a number of laws, both state and Federal, that have been created to address the problem of identity protection and identity theft. Unfortunately, these regulations only extend to Federal systems, or systems covered under Federal law.
As new information continues to unfold surrounding the Target data breach, it is becoming evident that there were multiple security failures which ultimately led to a major catastrophic data breach. This post identifies several events surrounding the Target data breach, and the PCI DSS regulation failures surrounding each of those events.
Night Lion Security will be joining the movement this year by helping increase awareness and giving back some of our expert knowledge. Every day for the next 31 days we will post information or a how-to guide on a specific topic.
It's unfortunate that Information Security still doesn't capture a significant amount of executive attention. Just how damaging would an attack be? How would you respond to stakeholders? Questions like that might come and go... until there's an incident. Then it's damage control time; and the amount of money that could have been spent on security pales in comparison to the amount that will be needed to contain the fallout.