The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Recent Issue Headlines

Vol. 4, No. 27 (Aug. 29, 2018)

  • Five Essential Articles on Bridging the Gap Between Tech and Legal Teams

    We continue to hear from our sources and subscribers about the need for legal and privacy teams to better collaborate with their security and technology counterparts. Successful coordination between these teams within an organization is crucial to effective privacy and cybersecurity programs, yet companies often tell us it is one of their biggest challenges. As we head into the Labor Day weekend in the U.S., The Cybersecurity Law Report is revisiting some of our most-read analysis and advice about understanding the technology and terminology behind security efforts and fostering a productive relationship between legal and technical teams so that they can focus on their shared goals. Our regular publication schedule will resume on Wednesday, September 5, 2018.
  • When and How Legal and Information Security Should Engage on Cyber Strategy

    Effective protection of key data requires a healthy relationship and frequent interaction between the legal and security functions. As regulators increasingly blend privacy and security subject matter, privacy officers and CISOs need to work together to stay compliant. Our three-part series offered legal and technical expert advice on when and how these professionals should be communicating to build a strong working relationship for robust cybersecurity and data privacy programs. “I don’t think they’re coordinating very well,” Akin partner Michelle Reed told The Cybersecurity Law Report. Part one of the series covered how to structure corporate governance for optimal collaboration between these two groups. Part two examined how both teams can coordinate on incident response and for risk and privacy impact assessments. The third installment tackled coordination between the two teams on vendor assessments, M&A due diligence and combatting insider threats. See also “Building an Enterprise-Wide Cyber Risk Management Program: Perspectives From the C-Suite (Part One of Two)” (Jun. 14, 2017); Part Two (Jun. 28, 2017). 
  • What Lawyers Need to Know About Security Techniques and Technologies to Mitigate Breach Risk

    IT has an indisputably important role in implementing a defense-in-depth cybersecurity strategy. However, lawyers need to be at the table too, given the risks, including regulatory implications of breaches and the growing possibility of ensuing litigation. With input from technical and legal experts, this three-part series addressed what attorneys need to understand about how security technologies are used to mitigate breach risk. The first installment explored the knowledge base needed, security certification, technology’s overall role in mitigating risk and specific technologies and techniques, such as pen testing. Part two examined issues within efforts related to red-teaming, vulnerability scanning and social engineering. Part three covered how and when common types of cloud solutions are used and the attorney’s role in mitigating risk in connection with this service. It also addressed what to consider when “hacking back” to secure data. See also “Negotiating an Effective Cloud Service Agreement” (Sep. 13, 2017).
  • Investigative Realities: Working Effectively With Forensic Firms

    Lawyers and computer forensic investigators have significantly different skills and perspectives, both of which are essential during cybersecurity incident response. The differences, however, can create friction and even conflict in setting priorities, communicating effectively and interpreting findings. In a two-part guest article series, Stephen Surdu, a senior advisor at Covington, and Jennifer Martin, then of counsel at Covington and now a partner at Orrick, provided insight into how forensic teams work during the investigative process and how to make the process smoother and more effective. The first installment addressed investigative realities and how attorneys and forensic investigators can gain an understanding of each other’s perspectives and preemptively discuss any potential issues to be in the best position to address them efficiently during an investigation. The second part addressed how to work with forensic teams when documenting and otherwise communicating findings, and during the remediation process. See also our three-part series on forensic firms: “Understanding and Leveraging Their Expertise From the Start” (Feb. 22, 2017); “Key Contract Considerations and Terms” (Mar. 8, 2017); and “Effective Vetting and Collaboration” (Mar. 22, 2017).
  • How Cyber Stakeholders Can Speak the Same Language

    The way cybersecurity terminology is used can significantly affect how a cyber event is handled. Differences in the training and background of certain cybersecurity stakeholders, particularly technical and legal teams, however, may lead to inconsistent use of important terms in the context of security breaches and protocols, which can cause misunderstandings. In the first article of this two-part series, attorneys and consultants with different perspectives shared advice on the importance of clear communication between key stakeholders. They also examined the different approaches to cybersecurity and detailed six strategies for overcoming communication challenges. The second article highlighted ten of the most frequently misunderstood cybersecurity terms and provided insight on their meanings and implications from both legal and security experts. See also “Coordinating Legal and Security Teams in the Current Cybersecurity Landscape (Part One of Two)” (Jul. 1, 2015); Part Two (Jul. 15, 2015).
  • Basics of the Blockchain Technology and How the Financial Sector Is Currently Employing It

    Although excitement about the potential use of blockchain technology – a distributed database used to immutably timestamp and record transactions – in the financial services industry has been growing, numerous impediments to its large-scale adoption remain. As discussed in this series, issues ranging from a lack of regulatory support of blockchain to basic concerns about the resources required to implement the technology could slow its growth in the private funds industry. The first article provided a primer on the technology and detailed several financial-industry uses that are already being explored. The second article explored potential private fund back-office functions (such as regulatory reporting and maintaining shareholder ledgers) that could be optimized using blockchain technology. The third article examined how and when the private funds industry will adopt the technology, while presenting issues related to that implementation. See also “How Blockchain Will Continue to Revolutionize the Private Funds Sector in 2018” (Jan. 17, 2018).