What are the pros and cons of a national breach notification law? What are the questions that need to be asked to facilitate this discussion? What are the critical points that need to be made?
Insider misuse triggers a breach just like outside hackers. When a company’s information is compromised because of insider misuse of computers or information, regardless of insider’s intentions, the result for the company and the data subjects of that information is often the same as if it were an attack by an outside adversary – it … Continue reading Insider Misuse of Computers: No Big Deal? It Can Be a Data Breach, Ask Boeing
There is a grave and unfortunate misperception among many business leaders who believe that when their company has had a data breach, going through a response and notification of affected individuals is optional. To the educated readers of this blog, this sounds shocking. Sadly, it is something I see on a regular basis. What is worse … Continue reading Yahoo Data Breach: US Senators Demand Answers – Still Think You Don’t Have to Disclose and Notify?
Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies' Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016 at the George Bush Institue. The following are the slides … Continue reading Cybersecurity Legal Issues: What you really need to know (slides)
Business leaders, when people like me tell you that having a cybersecurity incident in your company is like being in a building on fire, we are not exaggerating. Take a look at the following checklist (note, this is not an incident response plan!) while keeping in mind that over half of the items on that checklist … Continue reading Cybersecurity Incident Response Checklist