With the upcoming regulation issued by the New York Department of Financial Services, organizations under its jurisdiction will be required to harden security when it comes to protecting nonpublic information.
Since all covered entities will need to translate the requirements into practice in their logging infrastructure, this article is meant as a guideline on how to do so.
We will focus on three main sections in Part 500 that are essential in terms of log handling: 500.06 Audit Trails, 500.13 Limitations on Data Retention and 500.15 Encryption of Nonpublic Information.
The overall requirement of this section is to implement and maintain an audit trail system that captures and records all events in the form of log messages.
Within this section the regulation describes three scenarios:
Part 500 requires covered entities to track and maintain all logs that allow for the complete and accurate reconstruction of financial transactions and accounting.
The reason behind this is to give covered entities the ability to respond to cybersecurity events revolving around financial records and potentially prevent data manipulation or theft.
In terms of security logs, the main purpose is to obtain solid evidence on internal events focused on day-to-day operations, such as:
Capturing all access and alterations made to the audit trail system in order to guarantee reliability.
The section also adds a disclaimer that, in order to comply with Part 500, all logs must be retained for at least six years.
Covered entities must possess the ability to erase any logs with nonpublic information content that no longer serve any purpose. This may come into effect either once the six years of retention time have passed or when the covered entity is required by law to erase certain data.
Covered entities are required to ensure data security by encrypting all logs containing nonpublic information content while in transit and at rest.
The requirements listed above are common use cases that can be easily accomplished with a log management infrastructure that is able to centrally manage log collection, forwarding and log storage while making sure that logs are secured.
Here is a short summary of a log management solution’s capabilities:
To learn more about how Balabit helps covered entities comply with 23 NYCRR 500 using syslog-ng, visit our webpage detailing the essentials of log management here.