Latest News

Cybersecurity Regulations

New 23 NYCRR 500 Regulations adopted by The New York State Department of Financial Services (NYDFS) took effect on 1st March 2017 and applies to any financial services company operating within the State of New York inclusive of non-US entities.

Companies have to comply by implementing a cybersecurity program and cybersecurity policy based upon a Risk Assessment.

What it means for Data Centres

The Risk Assessment must address, to the extent applicable, under section 500.03:

(d) access controls and identity management
(f) systems operations and availability concerns
(j) physical security and environmental controls

Physical security and environmental controls are a complex area that affect IT firmware in Mechanical and Electrical (M&E) systems. Common protocols used for the by cooling, power generation and distribution systems are susceptible to cyber-attack because they have weak or non-existent authentication and/or encryption.

M&E Cybersecurity Training

We hosted our M&E Cybersecurity & Data Centre Failures London Briefing at The National Gallery on 14th June 2017, which also highlighted the importance of DCIRN (Data Center Incident Reporting Network) a non-profit organisation making data centres safer by sharing knowledge.

i3 is currently working with DCPro on a training course to help clients to identify cyber-attack vectors and remediate weaknesses specific to data centres by adopting best practise cybersecurity techniques.

Please contact Maria Morse for more information.

News & Press Articles

Press Release

[pt_view id=”614564049d”]