Navigating NY DFS Part 500.05: Penetration & Vulnerability Assessments

This section requires a covered entity to implement monitoring and testing, based on the covered entity’s risk assessment, to assess the effectiveness of the covered entity’s cybersecurity program. The monitoring and testing should either continuously monitor or detect, on an ongoing basis, changes in information systems that may create or indicate vulnerabilities. If the covered entity does not implement monitoring and testing as described above, they must conduct…