Cyber Risk Management and Attorney-Client Privilege in Cybersecurity Discussed on Business Security Weekly

Business Security Weekly, Episode 81, featured Michael Santarcangelo (@catalyst) inviting Shawn Tuma to join as co-host and guest to discuss two topics that should be near and dear to everyone’s hearts: the legal case for why companies need cyber risk management programs and what experienced cybersecurity attorneys’ roles are in such programs; and the frequently …

Data is the hot potato!

During a presentation recently, I was trying to make a point about the liability that comes with data and, therefore, the need for us to never forget that in cybersecurity our ultimate goal is protecting systems and data. I used the little line at the end of this quote: Data equals risk. It is toxic …

Do data breaches have consequences? Will Equifax CIO serve jail time for insider trading?

“Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit.”
Richard R. Best, SEC – Atlanta Division
For years many in the cybersecurity/data breach space have been saying that somebody is going to have to go to jail before corporate decision-makers begin to take cybersecurity …

Do data breaches have consequences? Law firm closes due to irreparable damages to its reputation

The once prestigious 40-year law firm Mossack Fonseca, infamously known for its data breach that revealed the Panama Papers, is closing at the end of the month. The reason, in its words: “The reputational deterioration, the media campaign, the financial siege and the irregular actions of some Panamanian authorities have caused irreparable damage, whose obligatory …

Down the Security Rabbithole Podcast #DtSR with Los and Tuma talking all things #cybersecurity

This week’s #DtSR Podcast featured Raf Los and guest Shawn Tuma talking about all things cybersecurity. Check out more of what was covered and listen to the podcast here! Check out some of the past episodes with Tuma as a guest.

Security Weekly guest Shawn Tuma discusses “what is reasonable cybersecurity?”

https://youtu.be/3FkeAV4N-rs?t=4m3s

Marine Corps data breach lesson: human error is often the cause and is preventable

There has been a data breach emanating from the U.S. Marine Corps Forces Reserve that impacted 21,426 individuals. The breach exposed their sensitive personal information such as truncated social security numbers, bank electronic funds transfer and bank routing numbers, truncated credit card information, mailing address, residential address and emergency contact information. Calm down and press the …

What is “reasonable cybersecurity” and how do courts view it? (SecureWorld interviews)

What is “reasonable cybersecurity” and how do courts view “reasonable cybersecurity”? See KnowBe4’s discussion of these interviews. These are two excellent questions that I was asked and I answered, as succinctly as I could, in two short interviews with SecureWorld. Tell me what you think about my answers. What Is Reasonable Cybersecurity? – SecureWorld article …

Uber’s CISO Makes Case for Uniform National Data Breach Notification Law

Uber’s Chief Information Security Officer (CISO), John Flynn, made a case for a uniform national data breach notification law in his testimony to members of Congress (see penultimate paragraph of full written testimony): I would like to conclude by stating that we strongly support a unified, national approach to data security and breach standards. We are …

Uber CISO’s Testimony Clarifies Payment to Hackers was Not Legitimate Use of Bug Bounty Program

As bits of information about the Uber data breach have trickled out, including the purported payment through a bug bounty program, I have been concerned about the implications for legitimate corporate bug bounty programs. My concerns grew when I read the New York Times article, Inside Uber’s $100,000 Payment to a Hacker, and the Fallout. …