New York is the first state to enforce cybersecurity-specific regulations on financial companies. The regulation makes it clear that cybersecurity is not solely a technology or information security team matter. It takes an enterprise-level approach to managing cyber risk by expressly imposing responsibility for the cybersecurity program on senior management and requiring not only technical controls, but also operational controls, policies and procedures, training programs, and reporting to senior management and the board.
Many pieces of this regulation are expected to be adopted by the end of this summer.
Here is a great article on this topic.
Also check with your associations to see if they have developed templates for your industry for policies and procedures.
As part of our managed services, we help in the development of proper policies and procedures. This is the first step in compliance. However, few organizations have proper ones in place. Our years of experience in HIPAA and PCI-DSS make this a no-brainer. It is like running a business without a business plan: bad things can happen.
P.S. – You may find (and request) useful information here on our site: https://www.skyport-it.com/useful-materials-just-for-you