Answer: C - NYDFS Cybersecurity Regulations require covered entities to implement a cybersecurity policy according to ISO 27001 standards. The policy must cover information security, access controls, disaster recovery planning, systems and network security, customer data privacy, and regular risk assessments.
Mandatory reporting under this law must cover the organization’s cybersecurity policies and procedures, its security risks, and the effectiveness of the organization’s existing measures to prevent, detect and respond to cybersecurity threats and events.