NY DFS New Required Annual Risk Assessment Review, Penetration Test and Policy Review Scheduling

Have You Completed Your Risk Assessment Within The Last Year?

Security Risk Assessment Review
- Review and Analysis of Gaps of Previous Risk Assessment
- Executive Summary
- Cyber Risk Index Score
- Scenario Analysis of Threat Impact
- Gap Analysis with Remediation Recommendations, Narrative Form
Vulnerability Assessment
- Identification of Known and Rogue Assets
- Inventory of All Identified Assets
- Assessments of Vulnerabilities on All Identified Assets
- Report of Weaknesses Found; to be included in the Risk Assessment
Penetration Test
- External, White-Hat Attempt to Penetrate Network
- Identification of Weakness Facilitating Access
- Report of Weaknesses and their Risk of Access; to be included in the Risk Assessment
Policy Updates/Additions
- Policies to be Updated and/or Created for Identified Gaps and Weaknesses Not Already Covered by a Policy or Procedure
- Additional Compensating Controls Where Technology isn’t Feasible
Gap Analysis/Plan of Action and Milestones (POAM)
- Work Plan Explaining Each Weakness
- Grading Importance of Weaknesses Against Regulation
- Recommendations for Remediation and Mitigation Strategies
Reliance Opinion
- A vCISO/vCCO to Provide an Objective Evaluation of the Report
- Aligning Results with Regulation(s)

Security Risk Assessment Review
- Review and Analysis of Gaps of Previous Risk Assessment
- Executive Summary
- Cyber Risk Index Score
- Scenario Analysis of Threat Impact
- Gap Analysis with Remediation Recommendations, Narrative Form
Penetration Test
- External, White-Hat Attempt to Penetrate Network
- Identification of Weaknesses and their Risk of Access; to be included in the Risk Assessment
Plan of Action and Milestones (POAM)
- Work Plan Explaining Each Weakness
- Grading Importance of Weaknesses Against Regulation
- Recommendations for Remediation and Mitigation Strategies