Does the board of directors' duty of oversight over their companies' cybersecurity require the individual directors to become experts on cybersecurity? That is a fair question and one that I've seen many people have difficulty understanding. The answer is "no," as explained by Michael Santarcangelo (@catalyst) in his CSO article Why the board needs security leaders [...]
New York's Cybersecurity Regulations went into effect on March 1, 2017 and their impact could reach farther than you think -- including to small and mid-sized companies that do not do business in New York and are not in the financial services industries. And, they require direct involvement by the Board of Directors. Is your [...]
The Wall Street Journal did an interview of my friend, collaborator, prolific author, and the the original Cyber Patriot, Paul Ferrillo to discuss how companies can make their cybersecurity plan better. Here is the full article: Making Your Cybersecurity Plan Better Paul and I are both firm believers in focusing on the basics so that [...]
"Can I be held personally liable for my company's data breach?" That is one of the questions I am asked most frequently. The answer is "YES!" though the usual reasons provided are not nearly as straightforward as the one discussed in the video below.
Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies' Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016 at the George Bush Institue. The following are the slides [...]