Shawn Tuma is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas.
In two very short videos during SecureWorld interviews, he explains what the courts view as “Reasonable Cybersecurity” and what your organization needs to have in place. Take 3 minutes and watch these two videos. You are going to be glad you did, because they have fantastic ammo to get budget.
Legal clarity in less than 2 minutes, part 1:
Legal clarity in less than 2 minutes, part 2. Note what he states about training employees against phishing and social engineering.
Not Sure How to Comply?
This whitepaper from Michael R. Overly shows you the common threads in compliance laws and regulations.
Did you know that "CIA" means Confidentiality, Integrity, and Availability, and how lawmakers incorporated that language in infosec regulations?
Are you familiar with the concept of Acting “Reasonably” or taking “Appropriate” or “Necessary” measures? Find out how this can keep you from violating compliance laws or regulations. Did you know you are supposed to "scale security measures to reflect the threat"?
We have some examples of the Massachusetts Data Security Law and HIPAA to explain what is required.