Does Board Oversight of Cybersecurity Mean Directors Must Become Cybersecurity Experts?

Does the board of directors' duty of oversight over their companies' cybersecurity require the individual directors to become experts on cybersecurity? That is a fair question and one that I've seen many people have difficulty understanding. The answer is "no," as explained by Michael Santarcangelo (@catalyst) in his CSO article Why the board needs security leaders [...]

3 More Key Cybersecurity Takeaways General Counsel Should Learn Learn from Yahoo

A good friend recently shared with me the article Verizon GC on the Lessons Learned from Deal with Yahoo (use Linkedin for paywall access) because he thought it would be valuable information to add to my own cybersecurity knowledge toolbox. Given the experience Verizon’s GC has gained through this process, when he talks about lessons […]

#DtSR Podcast: Guest Host on Newscast

I was a guest recently on the Down the Security Rabbithole Podcast to talk about cybersecurity law with hosts Rafal Los (@Wh1t3Rabbit) and Michael Santarcangelo (@Catalyst). As always, it was a blast! Listen to the Podcast   Join the #DtSR Discussion on Twitter For more great #DtSR content, check out the full Down the Security Rabbithole Podcast homepage and also check […]

National data breach notification law pros and cons? What do you think?

What are the pros and cons of a national breach notification law? What are the questions that need to be asked to facilitate this discussion? What are the critical points that need to be made?