The following testimony excerpts are very similar to what the #CyberAvengers have been preaching, and for good reason: it is the truth. Check out the #CyberAvengers Tools for where to begin. Richard Driggers, DHS deputy assistant secretary for cybersecurity and communications, said that basic computer hygiene, such as regular software updates, could keep small businesses …
Category Archives: Cybersecurity Law
State data breach notification law mishmash would get worse with proposed NC and SD legislation — is instant notification by clairvoyant next?
The push for a single uniform national data breach notification law gained strength in the wake of the Equifax breach. Now proposed legislation in North Carolina would amend its law in a way that would add momentum to this push. And now South Dakota is tired of being one of only two states without a …
Happy Data Privacy Day!
WHAT ARE YOU DOING TO OBSERVE IT? Today is Data Privacy Day! If you have been wondering “what is Data Privacy Day?” then this is your lucky day because not only is today Data Privacy Day, but here is the answer and an explanation for why it really matters to you and your company’s future …
Helpful FTC Guidance on Cybersecurity for Small and Midsize Companies
It is important for all companies — especially small and midsize companies — to have a basic understanding of what the FTC considers to be reasonable cybersecurity. The FTC is known for being one of the more aggressive regulators investigating and enforcing against (what it views as) inadequate cybersecurity by companies doing business in the United States. …
Complimentary Webinar: Countdown to #GDPR – Compliance for Non-EU Companies
Countdown to GDPR Compliance is a complimentary webinar that I will be moderating on Thursday, December 7, 2017, at 12:00 PM Central. This is the second webinar in a three-part series sponsored by Mackrell International and will focus on Compliance for Non-EU Companies. You don’t want to miss it! Moderator: Shawn Tuma Presenter: Marta Stephanian, …
National data breach notification law proposed by Senate Commerce Committee members (includes jail?)
Three Democratic senators introduced legislation Thursday requiring companies to notify customers of data breaches within 30 days of their discovery and imposing a five-year prison sentence on organizations caught concealing data breaches. https://www.cyberscoop.com/national-data-breach-notification-law-bill-nelson-uber-equifax-hack/
3 Legal Points for InfoSec Teams to Consider Before an Incident
As a teaser to my presentation at SecureWorld – Dallas last week, I did a brief interview with SecureWorld and talked about three of the points I would make in my lunch keynote, The Legal Case for Cybersecurity. If you’re going to SecureWorld – Denver next week, join me for the lunch keynote on Thursday (11/2) …
What do we in the United States really want from our cyber laws?
In my newsfeed are articles in prominent publications discussing the problems with the federal Computer Fraud and Abuse Act from very different perspectives. In the “the CFAA is dangerous for security researchers” corner we have White Hat Hackers and the Internet of Bodies, in Law360, discussing how precarious the CFAA (and presumably, the state hacking laws …
NIST Cybersecurity Guidance for Small Business Likely Forthcoming
The US House of Representatives has passed legislation similar to that recently passed by the Senate that would require the National Institute of Standards and Technology (NIST) to produce cybersecurity guidance that will be aimed at helping small businesses. The NIST Small Business Cybersecurity Act of 2017 would include NIST’s creating guidelines, tools, and best …
Checklist: Managing Third-Party Risk in #Cybersecurity
If I timed this right, when this post publishes, I will be about to present at the ISACA CSX 2017 North America Cybersecurity Nexus Conference in Washington, DC. My talk is titled Legal Issues Associated with Third-Party Risk. I am publishing this post with the #CSXNA and #CyberAware hashtags in the title so that conference attendees can …
