Avoiding Legal Landmines in Data Breach Response

  • 10 April 2016

BY: Jason Straight
 
Building a legally defensible cybersecurity program means seeking out guidance from legal advisors before a serious incident forces you together.
 Lawyers and information security professionals have something very fundamental in common: We see risk everywhere we look. 
As someone who began his career as an attorney but has gradually transitioned into information security, I have hung around long enough now to see the two disciplines gradually converge. Cybersecurity and the law are colliding all around us—sometimes violently, but increasingly in a more productive and mutually beneficial way. I have been an advisor to lawyers and security professionals alike, helping each understand the perspective and preoccupations of the other. Each discipline needs the other, and nowhere is that more apparent than in the area of data breach response. 
Companies who suffer a security breach that exposes sensitive information can now expect to be abruptly thrust into one legal process or another. Whether that process takes the form of a regulatory inquiry, a class-action suit or a contractual dispute, counsel’s role in helping respond to what was long considered “an IT issue” is more critical than ever before. For this reason, proactive cybersecurity professionals have begun seeking guidance from the legal department before an incident forces them together.
 
full article here:

1 reply

A complex area to navigate...this is one that I will have to bookmark and then reread in detail...thanks for posting, Anthony! ;)
