Cybersecurity: How Long Should An Incident Response Plan Be?

Find your inner cybersecurity peace ...

Last evening I had the pleasure of talking cybersecurity law with a group of CIOs from some pretty sophisticated companies. It was a great discussion and I learned as much as I shared — just the way I like it. During our discussion, the subject of Incident Response Plans came up and I explained why these are now a must-have.  Continue reading Cybersecurity: How Long Should An Incident Response Plan Be?

Why Cybersecurity Incidents Are Legal Events

In this video, cybersecurity and data protection attorney Shawn Tuma explains why cybersecurity incidents are as much legal events as they are information technology and business / public relations events.

Continue reading Why Cybersecurity Incidents Are Legal Events

Cybersecurity Legal Year in Review – #DtSR Podcast

Do not miss this podcast discussing key cybersecurity legal events from 2015. Shawn Tuma joined the DtSR Gang [Rafal Los (@Wh1t3Rabbit), James Jardine (@JardineSoftware), and Michael Santarcangelo (@Catalyst)] on the Down the Security Rabbit Hole podcast.

In this episode…

  • Most important cybersecurity-related legal developments of 2015
    • Tectonic Shift that occurred with “standing” in consumer data breach claims
      • Discussion of law prior to Neiman Marcus case, and post-Neiman Marcus
      • Does this now apply to all consumer data breach cases?
      • Immediate impact? Companies now liable?
      • Lesson is in seeing the trend and how incrementalism works
      • Michaels & SuperValu case dismissals in light of Neiman Marcus
  • Regulatory Trends
    • FTC & SEC gave hints in 2014, post-emergence of Target details
    • Wyndham challenged authority – came to fruition in August 2015
    • SEC not far behind – significant case in September 2015
    • Aggressiveness of FTC is substantial – FTC v. LabMD … all over LimeWire
  • Officer & Director Liability
    • 2014 – SEC Comm. fired the warning shot … pointed the finger
    • Shareholder derivative litigation
    • Individual liability of IT / Compliance / Privacy “officers”
  • Anticipated 2016 Legal Trends
    • Regulatory enforcement … which, by the way, is why NIST is becoming default
    • Shareholder Derivative – much more likely than consumer class actions at this time
    • Lessons from both of these: when you need to persuade the “money folks” that they need to act, mention D&O Liability (especially Caremark) and Regulatory focus on individuals … now they’re in the cross-hairs
    • Realization that cybersecurity is more of a legal issue than anything else (IT or business) b/c it is the legal requirements and consequences that ultimately drive everything

Go HERE to listen to the Podcast!

SecureWorld Webinar: Data Protection Pitfalls to Avoid

You are welcome to attend a complimentary SecureWorld webinar with these featured presenters:

  • Aliki Liadis-Hall, Director of Compliance, North American Bancard
  • Jason Hart, CTO of Data Protection, Gemalto
  • Shawn Tuma, Cybersecurity & Data Protection Partner, Scheef & Stone, LLP
  • Kim L. Jones (moderator), Sr. Vice President & CISO, Vantiv

The webinar is sponsored by Gemalto, qualifies for CPE Credits, and will take place on Thursday, December 10 at 12 pm CST but if you are unable to attend, you can access the recording as well.

You can learn more about, and register for, the webinar at this LINK.

Cover the Basics for Securing Your Network — Shawn Tuma’s Book Contribution

Securing Your NetworkShawn Tuma authored a section for an eBook published by Fortinet Security. You can read Tuma’s section, Cover the Basics, as well as download the complete eBook at this link: Cover the Basics- by Shawn E. Tuma | MightyGuides.com