Does the board of directors’ duty of oversight over their companies’ cybersecurity require the individual directors to become experts on cybersecurity? That is a fair question and one that I’ve seen many people have difficulty understanding. The answer is “no,” as explained by Michael Santarcangelo (@catalyst) in his CSO article Why the board needs security leaders …
Category Archives: Corporate Governance
Critical Steps Companies Must Take to Comply with New York’s Cybersecurity Rules – Ethical Boardroom
New York’s Cybersecurity Regulations went into effect on March 1, 2017 and their impact could reach farther than you think — including to small and mid-sized companies that do not do business in New York and are not in the financial services industries. And, they require direct involvement by the Board of Directors. Is your …
Please share this!
Improving Your Cybersecurity Plan, Explained by Paul Ferrillo in WSJ
The Wall Street Journal did an interview of my friend, collaborator, prolific author, and the the original Cyber Patriot, Paul Ferrillo to discuss how companies can make their cybersecurity plan better. Here is the full article: Making Your Cybersecurity Plan Better Paul and I are both firm believers in focusing on the basics so that …
Continue reading “Improving Your Cybersecurity Plan, Explained by Paul Ferrillo in WSJ”
Please share this!
New York Cybersecurity Regulations Delayed, Being Revised
Photo Credit: Photo Credit: Marco Verch Licensed under Creative Commons Attribution 2.0 (no changes were made to the image) https://creativecommons.org/licenses/by/2.0/deed.en The New York Department of Financial Services has pushed back the effective date of its Cybersecurity Regulations from January 1, 2017 to March 1, 2017. This is to give the NYDFS time to significantly revise the proposed Cybersecurity …
Continue reading “New York Cybersecurity Regulations Delayed, Being Revised”
Please share this!
Home Depot Data Breach Shareholder Derivative Suit Against Directors Fails
Officers and directors of companies that have had data breaches have become targets of litigation through shareholder derivative claims since the consumer class-action claims have had a difficult time making it past the causation of harm threshold. Those officers and directors may now sigh in relief, if only briefly, following a November 30, 2016, ruling by the District Court …
Continue reading “Home Depot Data Breach Shareholder Derivative Suit Against Directors Fails”
Please share this!
Yes, Officers & Directors Can Be Held Personally Liable for Their Company’s Data Breach – Here’s Why
“Can I be held personally liable for my company’s data breach?”
That is one of the questions I am asked most frequently. The answer is “YES!” though the usual reasons provided are not nearly as straightforward as the one discussed in the video below.
Please share this!
SecureWorld Presentation: Cybersecurity Legal Issues: What You Really Need to Know
Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What You Really Need to Know at SecureWorld Expo Dallas on September 27, 2016. The following are the slides from Tuma’s presentation. Download: Cybersecurity Incident Checklist http://www.slideshare.net/shawnetuma/secureworld-expo-dallas-cybersecurity-law-what-business-and-it-leaders-need-to-know The opening Keynote speaker for the event was Dr. Larry Ponemon of the Ponemon Institute. Dr. Ponemon delivered a fabulous …
Please share this!
Cybersecurity Legal Issues: What you really need to know (slides)
Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies’ Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016 at the George Bush Institue. The following are the slides …
Continue reading “Cybersecurity Legal Issues: What you really need to know (slides)”
Please share this!
Cybersecurity: How Long Should An Incident Response Plan Be?
Last evening I had the pleasure of talking cybersecurity law with a group of CIOs from some pretty sophisticated companies. It was a great discussion and I learned as much as I shared — just the way I like it. During our discussion, the subject of Incident Response Plans came up and I explained why …
Continue reading “Cybersecurity: How Long Should An Incident Response Plan Be?”
Please share this!
Computer Use Policies – Are Your Company’s Illegal According to the NLRB?
The National Labor Relations Board (NLRB) has continued its assault on businesses and their ability to legitimately protect their computer systems and information against unauthorized non-business use by employees. A few weeks ago, I wrote 3 Important Points on Computer Policies in which I stressed (1) why your company must have them but (2) that …
Continue reading “Computer Use Policies – Are Your Company’s Illegal According to the NLRB?”
You must be logged in to post a comment.